# Flog Txt Version 1 # Analyzer Version: 3.1.2 # Analyzer Build Date: Oct 28 2019 11:51:53 # Log Creation Date: 02.11.2019 19:55:08.010 Process: id = "1" image_name = "rvckjhg.exe" filename = "c:\\users\\fd1hvy\\desktop\\rvckjhg.exe" page_root = "0x73cce000" os_pid = "0xf5c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\rvckjhg.exe\" " cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:000103c1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0xf74 [0039.234] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0039.255] RoInitialize () returned 0x1 [0039.256] RoUninitialize () returned 0x0 [0041.886] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0xafa8f8 | out: phkResult=0xafa8f8*=0x0) returned 0x2 [0041.887] RegCloseKey (hKey=0x80000002) returned 0x0 [0041.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0xafab50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0041.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0xafabb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0041.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xafb068) returned 1 [0041.994] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0xafb0e4 | out: lpFileInformation=0xafb0e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0041.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xafb064) returned 1 [0042.103] BCryptGetFipsAlgorithmMode (in: pfEnabled=0xafafc0 | out: pfEnabled=0xafafc0) returned 0x0 [0043.495] EtwEventRegister (in: ProviderId=0x298a808, EnableCallback=0x4f7070e, CallbackContext=0x0, RegHandle=0x298a7e4 | out: RegHandle=0x298a7e4) returned 0x0 [0043.530] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xafee14) returned 1 [0043.530] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\rvckjhg.exe.config" (normalized: "c:\\users\\fd1hvy\\desktop\\rvckjhg.exe.config"), fInfoLevelId=0x0, lpFileInformation=0xafee90 | out: lpFileInformation=0xafee90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0043.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xafee10) returned 1 [0044.117] GetCurrentProcess () returned 0xffffffff [0044.117] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xafec8c | out: TokenHandle=0xafec8c*=0x374) returned 1 [0044.121] GetTokenInformation (in: TokenHandle=0x374, TokenInformationClass=0x4, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xafecdc | out: TokenInformation=0x0, ReturnLength=0xafecdc) returned 0 [0044.121] LocalAlloc (uFlags=0x0, uBytes=0x14) returned 0xce2100 [0044.121] GetTokenInformation (in: TokenHandle=0x374, TokenInformationClass=0x4, TokenInformation=0xce2100, TokenInformationLength=0x14, ReturnLength=0xafecdc | out: TokenInformation=0xce2100, ReturnLength=0xafecdc) returned 1 [0044.123] LocalFree (hMem=0xce2100) returned 0x0 [0044.123] GetTokenInformation (in: TokenHandle=0x374, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xafecdc | out: TokenInformation=0x0, ReturnLength=0xafecdc) returned 0 [0044.123] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0xcd22b0 [0044.123] GetTokenInformation (in: TokenHandle=0x374, TokenInformationClass=0x1, TokenInformation=0xcd22b0, TokenInformationLength=0x24, ReturnLength=0xafecdc | out: TokenInformation=0xcd22b0, ReturnLength=0xafecdc) returned 1 [0044.123] LocalFree (hMem=0xcd22b0) returned 0x0 [0045.473] VirtualAlloc (lpAddress=0x0, dwSize=0x2205, flAllocationType=0x3000, flProtect=0x40) returned 0x4df0000 [0045.487] CoTaskMemAlloc (cb=0x20e) returned 0xd0abe0 [0045.487] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0xd0abe0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0045.488] CoTaskMemFree (pv=0xd0abe0) [0045.491] strlen (_Str="kernel32.dll") returned 0xc [0045.491] mbstowcs (in: _Dest=0xafc960, _Source="kernel32.dll", _MaxCount=0xd | out: _Dest="kernel32.dll") returned 0xc [0045.491] strlen (_Str="KERNEL32.DLL") returned 0xc [0045.491] mbstowcs (in: _Dest=0xafc758, _Source="KERNEL32.DLL", _MaxCount=0xd | out: _Dest="KERNEL32.DLL") returned 0xc [0045.491] strlen (_Str="\\KnownDlls32\\ntdll.dll") returned 0x16 [0045.491] mbstowcs (in: _Dest=0xafcb68, _Source="\\KnownDlls32\\ntdll.dll", _MaxCount=0x17 | out: _Dest="\\KnownDlls32\\ntdll.dll") returned 0x16 [0045.491] strlen (_Str="\\KnownDlls32\\advapi32.dll") returned 0x19 [0045.491] mbstowcs (in: _Dest=0xafcd70, _Source="\\KnownDlls32\\advapi32.dll", _MaxCount=0x1a | out: _Dest="\\KnownDlls32\\advapi32.dll") returned 0x19 [0045.491] strlen (_Str="\\KnownDlls32\\kernel32.dll") returned 0x19 [0045.491] mbstowcs (in: _Dest=0xafddb0, _Source="\\KnownDlls32\\kernel32.dll", _MaxCount=0x1a | out: _Dest="\\KnownDlls32\\kernel32.dll") returned 0x19 [0045.491] strlen (_Str="\\KnownDlls32\\user32.dll") returned 0x17 [0045.491] mbstowcs (in: _Dest=0xafdba8, _Source="\\KnownDlls32\\user32.dll", _MaxCount=0x18 | out: _Dest="\\KnownDlls32\\user32.dll") returned 0x17 [0045.491] strlen (_Str="\\KnownDlls32\\Ole32.dll") returned 0x16 [0045.491] mbstowcs (in: _Dest=0xafd388, _Source="\\KnownDlls32\\Ole32.dll", _MaxCount=0x17 | out: _Dest="\\KnownDlls32\\Ole32.dll") returned 0x16 [0045.491] strlen (_Str="\\KnownDlls\\ntdll.dll") returned 0x14 [0045.491] mbstowcs (in: _Dest=0xafd590, _Source="\\KnownDlls\\ntdll.dll", _MaxCount=0x15 | out: _Dest="\\KnownDlls\\ntdll.dll") returned 0x14 [0045.491] strlen (_Str="\\KnownDlls\\advapi32.dll") returned 0x17 [0045.491] mbstowcs (in: _Dest=0xafd9a0, _Source="\\KnownDlls\\advapi32.dll", _MaxCount=0x18 | out: _Dest="\\KnownDlls\\advapi32.dll") returned 0x17 [0045.491] strlen (_Str="\\KnownDlls\\kernel32.dll") returned 0x17 [0045.491] mbstowcs (in: _Dest=0xafd180, _Source="\\KnownDlls\\kernel32.dll", _MaxCount=0x18 | out: _Dest="\\KnownDlls\\kernel32.dll") returned 0x17 [0045.491] strlen (_Str="\\KnownDlls\\user32.dll") returned 0x15 [0045.491] mbstowcs (in: _Dest=0xafd798, _Source="\\KnownDlls\\user32.dll", _MaxCount=0x16 | out: _Dest="\\KnownDlls\\user32.dll") returned 0x15 [0045.491] strlen (_Str="\\KnownDlls\\Ole32.dll") returned 0x14 [0045.491] mbstowcs (in: _Dest=0xafcf78, _Source="\\KnownDlls\\Ole32.dll", _MaxCount=0x15 | out: _Dest="\\KnownDlls\\Ole32.dll") returned 0x14 [0045.491] wcslen (_String="\\KnownDlls32\\advapi32.dll") returned 0x19 [0045.491] NtOpenSection (in: SectionHandle=0xafc734, DesiredAccess=0xc, ObjectAttributes=0xafc6e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\KnownDlls32\\advapi32.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: SectionHandle=0xafc734*=0x374) returned 0x0 [0045.491] NtMapViewOfSection (in: SectionHandle=0x374, ProcessHandle=0xffffffff, BaseAddress=0xafc73c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xafc738*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x2 | out: BaseAddress=0xafc73c*=0x4e00000, SectionOffset=0x0, ViewSize=0xafc738*=0x77000) returned 0x40000003 [0045.492] wcslen (_String="\\KnownDlls32\\ntdll.dll") returned 0x16 [0045.492] NtOpenSection (in: SectionHandle=0xafc734, DesiredAccess=0xc, ObjectAttributes=0xafc6e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\KnownDlls32\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: SectionHandle=0xafc734*=0x378) returned 0x0 [0045.492] NtMapViewOfSection (in: SectionHandle=0x378, ProcessHandle=0xffffffff, BaseAddress=0xafc73c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xafc738*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x2 | out: BaseAddress=0xafc73c*=0x4f80000, SectionOffset=0x0, ViewSize=0xafc738*=0x18e000) returned 0x40000003 [0045.492] wcslen (_String="\\KnownDlls32\\kernel32.dll") returned 0x19 [0045.492] NtOpenSection (in: SectionHandle=0xafc734, DesiredAccess=0xc, ObjectAttributes=0xafc6e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\KnownDlls32\\kernel32.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: SectionHandle=0xafc734*=0x37c) returned 0x0 [0045.492] NtMapViewOfSection (in: SectionHandle=0x37c, ProcessHandle=0xffffffff, BaseAddress=0xafc73c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xafc738*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x2 | out: BaseAddress=0xafc73c*=0x4e80000, SectionOffset=0x0, ViewSize=0xafc738*=0xd0000) returned 0x40000003 [0045.492] wcslen (_String="\\KnownDlls32\\user32.dll") returned 0x17 [0045.492] NtOpenSection (in: SectionHandle=0xafc734, DesiredAccess=0xc, ObjectAttributes=0xafc6e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\KnownDlls32\\user32.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: SectionHandle=0xafc734*=0x380) returned 0x0 [0045.492] NtMapViewOfSection (in: SectionHandle=0x380, ProcessHandle=0xffffffff, BaseAddress=0xafc73c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xafc738*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x2 | out: BaseAddress=0xafc73c*=0x5110000, SectionOffset=0x0, ViewSize=0xafc738*=0x13c000) returned 0x40000003 [0045.493] wcslen (_String="\\KnownDlls32\\Ole32.dll") returned 0x16 [0045.493] NtOpenSection (in: SectionHandle=0xafc734, DesiredAccess=0xc, ObjectAttributes=0xafc6e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\KnownDlls32\\Ole32.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: SectionHandle=0xafc734*=0x384) returned 0x0 [0045.493] NtMapViewOfSection (in: SectionHandle=0x384, ProcessHandle=0xffffffff, BaseAddress=0xafc73c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xafc738*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x2 | out: BaseAddress=0xafc73c*=0x5250000, SectionOffset=0x0, ViewSize=0xafc738*=0xf3000) returned 0x40000003 [0045.494] LoadLibraryA (lpLibFileName="Ole32.dll") returned 0x77920000 [0045.494] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x761b0000 [0045.494] GetProcAddress (hModule=0x761b0000, lpProcName="CryptAcquireContextW") returned 0x761cfa40 [0045.494] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x761b0000 [0045.494] GetProcAddress (hModule=0x761b0000, lpProcName="CryptCreateHash") returned 0x761ceed0 [0045.494] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x761b0000 [0045.495] GetProcAddress (hModule=0x761b0000, lpProcName="CryptDecrypt") returned 0x761d3350 [0045.495] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x761b0000 [0045.495] GetProcAddress (hModule=0x761b0000, lpProcName="CryptDeriveKey") returned 0x761e2c90 [0045.495] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x761b0000 [0045.495] GetProcAddress (hModule=0x761b0000, lpProcName="CryptDestroyHash") returned 0x761cf0e0 [0045.495] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x761b0000 [0045.495] GetProcAddress (hModule=0x761b0000, lpProcName="CryptDestroyKey") returned 0x761cfa60 [0045.495] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x761b0000 [0045.496] GetProcAddress (hModule=0x761b0000, lpProcName="CryptHashData") returned 0x761ceef0 [0045.496] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x761b0000 [0045.496] GetProcAddress (hModule=0x761b0000, lpProcName="CryptReleaseContext") returned 0x761cfbc0 [0045.497] LoadLibraryA (lpLibFileName="user32.dll") returned 0x74b70000 [0045.497] GetProcAddress (hModule=0x74b70000, lpProcName="MessageBoxA") returned 0x74bdd740 [0045.497] LoadLibraryA (lpLibFileName="user32.dll") returned 0x74b70000 [0045.497] LoadLibraryA (lpLibFileName="user32.dll") returned 0x74b70000 [0045.498] LoadLibraryA (lpLibFileName="user32.dll") returned 0x74b70000 [0045.498] LoadLibraryA (lpLibFileName="user32.dll") returned 0x74b70000 [0045.499] GetProcAddress (hModule=0x77920000, lpProcName="CoInitializeEx") returned 0x75d32590 [0045.499] GetProcAddress (hModule=0x77920000, lpProcName="CoCreateInstance") returned 0x75cf7490 [0045.499] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75e90000 [0045.499] GetProcAddress (hModule=0x75e90000, lpProcName="CreateMutexW") returned 0x75efeb70 [0045.499] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="frenchy_shellcode_002") returned 0x388 [0045.499] strlen (_Str="C:\\\\Windows\\\\System32\\\\dllhost.exe") returned 0x22 [0045.499] strlen (_Str="C:\\\\Windows\\\\System32\\\\dllhost.exe") returned 0x22 [0045.500] mbstowcs (in: _Dest=0xafe058, _Source="C:\\\\Windows\\\\System32\\\\dllhost.exe", _MaxCount=0x23 | out: _Dest="C:\\\\Windows\\\\System32\\\\dllhost.exe") returned 0x22 [0045.500] ExpandEnvironmentStringsW (in: lpSrc="C:\\\\Windows\\\\System32\\\\dllhost.exe", lpDst=0xafe530, nSize=0x104 | out: lpDst="C:\\\\Windows\\\\System32\\\\dllhost.exe") returned 0x23 [0045.500] CreateProcessW (in: lpApplicationName="C:\\\\Windows\\\\System32\\\\dllhost.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0xafe638*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xafe6b8 | out: lpCommandLine=0x0, lpProcessInformation=0xafe6b8*(hProcess=0x390, hThread=0x38c, dwProcessId=0xe5c, dwThreadId=0xa9c)) returned 1 [0045.957] NtQueryInformationProcess (in: ProcessHandle=0x390, ProcessInformationClass=0x0, ProcessInformation=0xafe684, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xafe684, ReturnLength=0x0) returned 0x0 [0045.957] NtReadVirtualMemory (in: ProcessHandle=0x390, BaseAddress=0x2ef008, Buffer=0xafe6d8, NumberOfBytesToRead=0x4, NumberOfBytesRead=0x0 | out: Buffer=0xafe6d8*, NumberOfBytesRead=0x0) returned 0x0 [0045.957] NtCreateSection (in: SectionHandle=0xafe6b0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xafe6a0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xafe6b0*=0x398) returned 0x0 [0045.957] NtMapViewOfSection (in: SectionHandle=0x398, ProcessHandle=0xffffffff, BaseAddress=0xafe6cc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xafe6a8*=0x12000, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xafe6cc*=0x4f50000, SectionOffset=0x0, ViewSize=0xafe6a8*=0x12000) returned 0x0 [0045.958] NtMapViewOfSection (in: SectionHandle=0x398, ProcessHandle=0x390, BaseAddress=0xafe6c8*=0x400000, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xafe6ac*=0x12000, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xafe6c8*=0x400000, SectionOffset=0x0, ViewSize=0xafe6ac*=0x12000) returned 0x0 [0045.960] NtWriteVirtualMemory (in: ProcessHandle=0x390, BaseAddress=0x2ef008, Buffer=0xafe6c8*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0xafe69c | out: Buffer=0xafe6c8*, NumberOfBytesWritten=0xafe69c*=0x4) returned 0x0 [0045.960] NtGetContextThread (in: ThreadHandle=0x38c, Context=0xafe260 | out: Context=0xafe260*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x2ef000, Edx=0x0, Ecx=0x0, Eax=0x1111850, Ebp=0x0, Eip=0x77c24210, SegCs=0x23, EFlags=0x202, Esp=0xdfc74, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0045.961] NtSetContextThread (ThreadHandle=0x38c, Context=0xafe260*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x2ef000, Edx=0x0, Ecx=0x0, Eax=0x402518, Ebp=0x0, Eip=0x77c24210, SegCs=0x23, EFlags=0x202, Esp=0xdfc74, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0045.961] NtResumeThread (in: ThreadHandle=0x38c, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0046.052] GetProcessId (Process=0x390) returned 0xe5c [0046.053] CoGetContextToken (in: pToken=0xaffae8 | out: pToken=0xaffae8) returned 0x0 [0046.053] CObjectContext::QueryInterface () returned 0x0 [0046.053] CObjectContext::GetCurrentThreadType () returned 0x0 [0046.053] Release () returned 0x0 [0046.054] CoGetContextToken (in: pToken=0xaff7ec | out: pToken=0xaff7ec) returned 0x0 [0046.054] CObjectContext::QueryInterface () returned 0x0 [0046.054] CObjectContext::GetCurrentThreadType () returned 0x0 [0046.054] Release () returned 0x0 [0046.055] CoGetContextToken (in: pToken=0xaff7ec | out: pToken=0xaff7ec) returned 0x0 [0046.055] CObjectContext::QueryInterface () returned 0x0 [0046.055] CObjectContext::GetCurrentThreadType () returned 0x0 [0046.055] Release () returned 0x0 [0046.075] CoGetContextToken (in: pToken=0xaff7ec | out: pToken=0xaff7ec) returned 0x0 [0046.076] CObjectContext::QueryInterface () returned 0x0 [0046.076] CObjectContext::GetCurrentThreadType () returned 0x0 [0046.076] Release () returned 0x0 [0046.077] CoGetContextToken (in: pToken=0xaff80c | out: pToken=0xaff80c) returned 0x0 [0046.077] CObjectContext::QueryInterface () returned 0x0 [0046.077] CObjectContext::GetCurrentThreadType () returned 0x0 [0046.077] Release () returned 0x0 [0046.078] CoUninitialize () Thread: id = 2 os_tid = 0xf50 Thread: id = 3 os_tid = 0x390 Thread: id = 4 os_tid = 0xe0c [0039.257] CoGetContextToken (in: pToken=0x4a3f8d4 | out: pToken=0x4a3f8d4) returned 0x0 [0039.257] CObjectContext::QueryInterface () returned 0x0 [0039.257] CObjectContext::GetCurrentThreadType () returned 0x0 [0039.257] Release () returned 0x0 [0039.257] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0039.257] RoInitialize () returned 0x1 [0039.257] RoUninitialize () returned 0x0 [0045.413] CloseHandle (hObject=0x374) returned 1 [0046.055] EtwEventUnregister (RegHandle=0xd08fe0) returned 0x0 [0046.077] SleepEx (dwMilliseconds=0xffffffff, bAlertable=0) Process: id = "2" image_name = "dllhost.exe" filename = "c:\\windows\\syswow64\\dllhost.exe" page_root = "0x7737000" os_pid = "0xe5c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xf5c" cmd_line = "\"C:\\\\Windows\\\\System32\\\\dllhost.exe\"" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:000103c1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 5 os_tid = 0xa9c [0046.271] GetProcessHeap () returned 0x4b0000 [0046.271] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x30) returned 0x4c6278 [0046.273] GetProcessHeap () returned 0x4b0000 [0046.273] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x33c0) returned 0x4c6660 [0046.274] GetProcessHeap () returned 0x4b0000 [0046.274] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x204) returned 0x4c9a28 [0046.274] GetProcessHeap () returned 0x4b0000 [0046.274] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4bac98 [0046.277] GetTickCount () returned 0x114c1bb [0046.277] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0xdfa70 | out: lpWSAData=0xdfa70) returned 0 [0046.338] GetLocaleInfoW (in: Locale=0x800, LCType=0x58, lpLCData=0xdfa50, cchData=32 | out: lpLCData="\x03") returned 16 [0046.338] GetProcessHeap () returned 0x4b0000 [0046.338] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1c) returned 0x4b4760 [0046.338] GetProcessHeap () returned 0x4b0000 [0046.338] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1c) returned 0x4ba868 [0046.338] GetVersion () returned 0x3ad7000a [0046.338] GetCurrentProcess () returned 0xffffffff [0046.338] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xdf9c4 | out: TokenHandle=0xdf9c4*=0x1f0) returned 1 [0046.338] GetTokenInformation (in: TokenHandle=0x1f0, TokenInformationClass=0x14, TokenInformation=0xdf9bc, TokenInformationLength=0x4, ReturnLength=0xdf9c0 | out: TokenInformation=0xdf9bc, ReturnLength=0xdf9c0) returned 1 [0046.338] CloseHandle (hObject=0x1f0) returned 1 [0046.340] GetProcessHeap () returned 0x4b0000 [0046.340] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x4b42f0 [0046.340] GetProcessHeap () returned 0x4b0000 [0046.340] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x4b2b58 [0046.340] GetProcessHeap () returned 0x4b0000 [0046.340] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x4b0568 [0046.340] GetProcessHeap () returned 0x4b0000 [0046.340] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b48b8 [0046.340] GetProcessHeap () returned 0x4b0000 [0046.340] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b48b8 | out: hHeap=0x4b0000) returned 1 [0046.340] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x4b2b58, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0046.341] GetProcessHeap () returned 0x4b0000 [0046.341] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b0568 | out: hHeap=0x4b0000) returned 1 [0046.341] GetProcessHeap () returned 0x4b0000 [0046.341] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b42f0 | out: hHeap=0x4b0000) returned 1 [0046.341] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xdf964, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xdf964*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0046.341] GetProcessHeap () returned 0x4b0000 [0046.341] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b2b58 | out: hHeap=0x4b0000) returned 1 [0046.341] GetProcessHeap () returned 0x4b0000 [0046.341] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x4bd998 [0046.341] GetProcessHeap () returned 0x4b0000 [0046.341] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x4bdd88 [0046.341] GetProcessHeap () returned 0x4b0000 [0046.341] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4bdd88, Size=0x72) returned 0x4b4138 [0046.341] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000001") returned 0x0 [0046.341] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000001") returned 0x1f0 [0046.341] WaitForSingleObject (hHandle=0x1f0, dwMilliseconds=0x0) returned 0x0 [0046.341] GetProcessHeap () returned 0x4b0000 [0046.341] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd998 | out: hHeap=0x4b0000) returned 1 [0046.341] GetProcessHeap () returned 0x4b0000 [0046.341] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b4138 | out: hHeap=0x4b0000) returned 1 [0046.341] GetProcessHeap () returned 0x4b0000 [0046.341] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x4b2b58 [0046.341] GetProcessHeap () returned 0x4b0000 [0046.341] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x4b42f0 [0046.342] GetProcessHeap () returned 0x4b0000 [0046.342] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x4b0568 [0046.342] GetProcessHeap () returned 0x4b0000 [0046.342] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b48b8 [0046.342] GetProcessHeap () returned 0x4b0000 [0046.342] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b48b8 | out: hHeap=0x4b0000) returned 1 [0046.342] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x4b42f0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0046.342] GetProcessHeap () returned 0x4b0000 [0046.342] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b0568 | out: hHeap=0x4b0000) returned 1 [0046.342] GetProcessHeap () returned 0x4b0000 [0046.342] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b2b58 | out: hHeap=0x4b0000) returned 1 [0046.342] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xdf94c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xdf94c*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0046.342] GetProcessHeap () returned 0x4b0000 [0046.342] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b42f0 | out: hHeap=0x4b0000) returned 1 [0046.342] GetProcessHeap () returned 0x4b0000 [0046.342] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x4bdd40 [0046.342] GetProcessHeap () returned 0x4b0000 [0046.342] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x4bdb48 [0046.342] GetProcessHeap () returned 0x4b0000 [0046.342] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4bdb48, Size=0x72) returned 0x4ce4c0 [0046.342] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0046.343] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x1f4 [0046.343] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0x0) returned 0x0 [0046.343] GetProcessHeap () returned 0x4b0000 [0046.343] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bdd40 | out: hHeap=0x4b0000) returned 1 [0046.343] GetProcessHeap () returned 0x4b0000 [0046.343] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ce4c0 | out: hHeap=0x4b0000) returned 1 [0046.343] ReleaseMutex (hMutex=0x1f4) returned 1 [0046.343] CloseHandle (hObject=0x1f4) returned 1 [0046.343] GetProcessHeap () returned 0x4b0000 [0046.343] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x30) returned 0x4c6128 [0046.343] GetProcessHeap () returned 0x4b0000 [0046.343] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20a) returned 0x4cf1a0 [0046.343] GetVersion () returned 0x3ad7000a [0046.343] GetProcessHeap () returned 0x4b0000 [0046.343] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x50) returned 0x4b4138 [0046.343] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75e90000 [0046.343] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0046.343] Wow64DisableWow64FsRedirection (in: OldValue=0xdf9a0 | out: OldValue=0xdf9a0*=0x0) returned 1 [0046.343] GetProcessHeap () returned 0x4b0000 [0046.343] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b4138 | out: hHeap=0x4b0000) returned 1 [0046.343] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x761b0000 [0046.343] GetProcAddress (hModule=0x761b0000, lpProcName="CreateProcessWithTokenW") returned 0x761c0c70 [0046.343] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4cf1a0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\dllhost.exe" (normalized: "c:\\windows\\syswow64\\dllhost.exe")) returned 0x1f [0046.344] GetShellWindow () returned 0x100f0 [0046.344] GetWindowThreadProcessId (in: hWnd=0x100f0, lpdwProcessId=0xdf9ac | out: lpdwProcessId=0xdf9ac) returned 0x864 [0046.344] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x860) returned 0x1f4 [0046.344] OpenProcessToken (in: ProcessHandle=0x1f4, DesiredAccess=0x2000000, TokenHandle=0xdf9bc | out: TokenHandle=0xdf9bc*=0x1f8) returned 1 [0046.344] DuplicateTokenEx (in: hExistingToken=0x1f8, dwDesiredAccess=0x2000000, lpTokenAttributes=0xdf984, ImpersonationLevel=0x2, TokenType=0x1, phNewToken=0xdf9c0 | out: phNewToken=0xdf9c0*=0x1fc) returned 1 [0046.344] CreateProcessWithTokenW (in: hToken=0x1fc, dwLogonFlags=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dllhost.exe", lpCommandLine=0x0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0xdf938*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xdf990 | out: lpCommandLine=0x0, lpProcessInformation=0xdf990*(hProcess=0x220, hThread=0x224, dwProcessId=0x2ac, dwThreadId=0xa28)) returned 1 [0047.069] GetProcessHeap () returned 0x4b0000 [0047.069] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x50) returned 0x4d0b58 [0047.069] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75e90000 [0047.074] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x75ea6b50 [0047.074] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0047.074] GetProcessHeap () returned 0x4b0000 [0047.074] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d0b58 | out: hHeap=0x4b0000) returned 1 [0047.074] CloseHandle (hObject=0x1f4) returned 1 [0047.075] CloseHandle (hObject=0x220) returned 1 [0047.075] CloseHandle (hObject=0x224) returned 1 [0047.075] CloseHandle (hObject=0x1f8) returned 1 [0047.075] CloseHandle (hObject=0x1fc) returned 1 [0047.075] GetProcessHeap () returned 0x4b0000 [0047.075] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf1a0 | out: hHeap=0x4b0000) returned 1 [0047.075] GetProcessHeap () returned 0x4b0000 [0047.075] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c6128 | out: hHeap=0x4b0000) returned 1 [0047.075] Sleep (dwMilliseconds=0x1388) [0052.103] GetProcessHeap () returned 0x4b0000 [0052.103] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x60) returned 0x4b3ef8 [0052.103] GetProcessHeap () returned 0x4b0000 [0052.103] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x4cf660 [0052.103] GetProcessHeap () returned 0x4b0000 [0052.103] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x4cf480 [0052.103] GetProcessHeap () returned 0x4b0000 [0052.103] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x4cf688 [0052.103] GetProcessHeap () returned 0x4b0000 [0052.103] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b48b8 [0052.103] GetProcessHeap () returned 0x4b0000 [0052.103] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b48b8 | out: hHeap=0x4b0000) returned 1 [0052.103] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x4cf480, nSize=0xf | out: lpDst="") returned 0x1e [0052.103] GetProcessHeap () returned 0x4b0000 [0052.103] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf688 | out: hHeap=0x4b0000) returned 1 [0052.104] GetProcessHeap () returned 0x4b0000 [0052.104] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4cf480, Size=0x3a) returned 0x4bde18 [0052.104] GetProcessHeap () returned 0x4b0000 [0052.104] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x3a) returned 0x4bdd88 [0052.104] GetProcessHeap () returned 0x4b0000 [0052.104] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b48b8 [0052.104] GetProcessHeap () returned 0x4b0000 [0052.104] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b48b8 | out: hHeap=0x4b0000) returned 1 [0052.104] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x4bde18, nSize=0x1d | out: lpDst="") returned 0x1e [0052.104] GetProcessHeap () returned 0x4b0000 [0052.104] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bdd88 | out: hHeap=0x4b0000) returned 1 [0052.104] GetProcessHeap () returned 0x4b0000 [0052.104] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4bde18, Size=0x72) returned 0x4ce640 [0052.104] GetProcessHeap () returned 0x4b0000 [0052.104] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x72) returned 0x4cef40 [0052.104] GetProcessHeap () returned 0x4b0000 [0052.104] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b48b8 [0052.104] GetProcessHeap () returned 0x4b0000 [0052.104] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b48b8 | out: hHeap=0x4b0000) returned 1 [0052.104] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x4ce640, nSize=0x39 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local") returned 0x1e [0052.104] GetProcessHeap () returned 0x4b0000 [0052.104] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cef40 | out: hHeap=0x4b0000) returned 1 [0052.104] GetProcessHeap () returned 0x4b0000 [0052.104] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf660 | out: hHeap=0x4b0000) returned 1 [0052.104] GetProcessHeap () returned 0x4b0000 [0052.104] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x4bdb00 [0052.104] GetProcessHeap () returned 0x4b0000 [0052.104] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3e) returned 0x4bdf38 [0052.104] GetProcessHeap () returned 0x4b0000 [0052.104] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x3e) returned 0x4bdf80 [0052.104] GetProcessHeap () returned 0x4b0000 [0052.104] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b48b8 [0052.104] GetProcessHeap () returned 0x4b0000 [0052.104] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x10) returned 0x4d1060 [0052.104] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0xdf8a4 | out: phkResult=0xdf8a4*=0x1f8) returned 0x0 [0052.105] RegQueryValueExW (in: hKey=0x1f8, lpValueName="Startup", lpReserved=0x0, lpType=0xdf8a0, lpData=0x4bdf80, lpcbData=0xdf8a8*=0x3e | out: lpType=0xdf8a0*=0x2, lpData=0x4bdf80*=0x43, lpcbData=0xdf8a8*=0x98) returned 0xea [0052.105] RegCloseKey (hKey=0x1f8) returned 0x0 [0052.105] GetProcessHeap () returned 0x4b0000 [0052.105] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1060 | out: hHeap=0x4b0000) returned 1 [0052.105] GetProcessHeap () returned 0x4b0000 [0052.105] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b48b8 | out: hHeap=0x4b0000) returned 1 [0052.105] GetProcessHeap () returned 0x4b0000 [0052.105] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bdf80 | out: hHeap=0x4b0000) returned 1 [0052.105] GetProcessHeap () returned 0x4b0000 [0052.105] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4bdf38, Size=0x7a) returned 0x4b2df8 [0052.105] GetProcessHeap () returned 0x4b0000 [0052.105] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x7a) returned 0x4b48b8 [0052.105] GetProcessHeap () returned 0x4b0000 [0052.105] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b9c10 [0052.105] GetProcessHeap () returned 0x4b0000 [0052.105] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x10) returned 0x4d11b0 [0052.105] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0xdf8a4 | out: phkResult=0xdf8a4*=0x1f8) returned 0x0 [0052.105] RegQueryValueExW (in: hKey=0x1f8, lpValueName="Startup", lpReserved=0x0, lpType=0xdf8a0, lpData=0x4b48b8, lpcbData=0xdf8a8*=0x7a | out: lpType=0xdf8a0*=0x2, lpData=0x4b48b8*=0x10, lpcbData=0xdf8a8*=0x98) returned 0xea [0052.105] RegCloseKey (hKey=0x1f8) returned 0x0 [0052.105] GetProcessHeap () returned 0x4b0000 [0052.106] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d11b0 | out: hHeap=0x4b0000) returned 1 [0052.106] GetProcessHeap () returned 0x4b0000 [0052.106] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b9c10 | out: hHeap=0x4b0000) returned 1 [0052.106] GetProcessHeap () returned 0x4b0000 [0052.106] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b48b8 | out: hHeap=0x4b0000) returned 1 [0052.106] GetProcessHeap () returned 0x4b0000 [0052.106] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4b2df8, Size=0xf2) returned 0x4b8910 [0052.106] GetProcessHeap () returned 0x4b0000 [0052.106] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0xf2) returned 0x4b86f8 [0052.106] GetProcessHeap () returned 0x4b0000 [0052.106] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b48b8 [0052.106] GetProcessHeap () returned 0x4b0000 [0052.106] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x10) returned 0x4d1270 [0052.106] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0xdf8a4 | out: phkResult=0xdf8a4*=0x1f8) returned 0x0 [0052.106] RegQueryValueExW (in: hKey=0x1f8, lpValueName="Startup", lpReserved=0x0, lpType=0xdf8a0, lpData=0x4b86f8, lpcbData=0xdf8a8*=0xf2 | out: lpType=0xdf8a0*=0x2, lpData="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0xdf8a8*=0x98) returned 0x0 [0052.106] RegCloseKey (hKey=0x1f8) returned 0x0 [0052.106] GetProcessHeap () returned 0x4b0000 [0052.106] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1270 | out: hHeap=0x4b0000) returned 1 [0052.106] GetProcessHeap () returned 0x4b0000 [0052.106] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x4cf4f8 [0052.106] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0xdf8a4 | out: phkResult=0xdf8a4*=0x1f8) returned 0x0 [0052.106] RegQueryValueExW (in: hKey=0x1f8, lpValueName="Common Startup", lpReserved=0x0, lpType=0xdf8a0, lpData=0x4b8790, lpcbData=0xdf8a8*=0x5a | out: lpType=0xdf8a0*=0x0, lpData=0x4b8790*=0x1a, lpcbData=0xdf8a8*=0x5a) returned 0x2 [0052.106] RegCloseKey (hKey=0x1f8) returned 0x0 [0052.106] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0xdf8b8 | out: phkResult=0xdf8b8*=0x1f8) returned 0x0 [0052.106] RegQueryValueExW (in: hKey=0x1f8, lpValueName="Common Startup", lpReserved=0x0, lpType=0xdf8b4, lpData=0x4b8790, lpcbData=0xdf8bc*=0x5a | out: lpType=0xdf8b4*=0x2, lpData=0x4b8790*=0x1a, lpcbData=0xdf8bc*=0x78) returned 0xea [0052.106] RegCloseKey (hKey=0x1f8) returned 0x0 [0052.106] GetProcessHeap () returned 0x4b0000 [0052.106] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf4f8 | out: hHeap=0x4b0000) returned 1 [0052.106] GetProcessHeap () returned 0x4b0000 [0052.106] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b48b8 | out: hHeap=0x4b0000) returned 1 [0052.106] GetProcessHeap () returned 0x4b0000 [0052.106] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b86f8 | out: hHeap=0x4b0000) returned 1 [0052.107] GetProcessHeap () returned 0x4b0000 [0052.107] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4b8910, Size=0x1e2) returned 0x4cf7c0 [0052.107] GetProcessHeap () returned 0x4b0000 [0052.107] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e2) returned 0x4cf1a0 [0052.107] GetProcessHeap () returned 0x4b0000 [0052.107] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b48b8 [0052.107] GetProcessHeap () returned 0x4b0000 [0052.107] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x10) returned 0x4d1090 [0052.107] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0xdf8a4 | out: phkResult=0xdf8a4*=0x1f8) returned 0x0 [0052.107] RegQueryValueExW (in: hKey=0x1f8, lpValueName="Startup", lpReserved=0x0, lpType=0xdf8a0, lpData=0x4cf1a0, lpcbData=0xdf8a8*=0x1e2 | out: lpType=0xdf8a0*=0x2, lpData="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0xdf8a8*=0x98) returned 0x0 [0052.107] RegCloseKey (hKey=0x1f8) returned 0x0 [0052.107] GetProcessHeap () returned 0x4b0000 [0052.107] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1090 | out: hHeap=0x4b0000) returned 1 [0052.107] GetProcessHeap () returned 0x4b0000 [0052.107] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x4cf700 [0052.107] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0xdf8a4 | out: phkResult=0xdf8a4*=0x1f8) returned 0x0 [0052.107] RegQueryValueExW (in: hKey=0x1f8, lpValueName="Common Startup", lpReserved=0x0, lpType=0xdf8a0, lpData=0x4cf238, lpcbData=0xdf8a8*=0x14a | out: lpType=0xdf8a0*=0x0, lpData=0x4cf238*=0x0, lpcbData=0xdf8a8*=0x14a) returned 0x2 [0052.107] RegCloseKey (hKey=0x1f8) returned 0x0 [0052.107] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0xdf8b8 | out: phkResult=0xdf8b8*=0x1f8) returned 0x0 [0052.107] RegQueryValueExW (in: hKey=0x1f8, lpValueName="Common Startup", lpReserved=0x0, lpType=0xdf8b4, lpData=0x4cf238, lpcbData=0xdf8bc*=0x14a | out: lpType=0xdf8b4*=0x2, lpData="%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0xdf8bc*=0x78) returned 0x0 [0052.107] RegCloseKey (hKey=0x1f8) returned 0x0 [0052.107] GetProcessHeap () returned 0x4b0000 [0052.107] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf700 | out: hHeap=0x4b0000) returned 1 [0052.107] GetProcessHeap () returned 0x4b0000 [0052.107] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b48b8 | out: hHeap=0x4b0000) returned 1 [0052.107] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup;%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpDst=0x4cf7c0, nSize=0xf1 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup;C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x8b [0052.107] GetProcessHeap () returned 0x4b0000 [0052.107] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf1a0 | out: hHeap=0x4b0000) returned 1 [0052.107] GetProcessHeap () returned 0x4b0000 [0052.107] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bdb00 | out: hHeap=0x4b0000) returned 1 [0052.107] GetProcessHeap () returned 0x4b0000 [0052.108] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20a) returned 0x4cf1a0 [0052.108] GetProcessHeap () returned 0x4b0000 [0052.108] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20a) returned 0x4cffe0 [0052.108] GetProcessHeap () returned 0x4b0000 [0052.108] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20a) returned 0x4d01f8 [0052.108] GetProcessHeap () returned 0x4b0000 [0052.108] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20a) returned 0x4d3568 [0052.108] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4cf1a0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\dllhost.exe" (normalized: "c:\\windows\\syswow64\\dllhost.exe")) returned 0x1f [0052.108] GetProcessHeap () returned 0x4b0000 [0052.108] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20a) returned 0x4d3780 [0052.108] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4d3780, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\dllhost.exe" (normalized: "c:\\windows\\syswow64\\dllhost.exe")) returned 0x1f [0052.108] GetProcessHeap () returned 0x4b0000 [0052.108] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3780 | out: hHeap=0x4b0000) returned 1 [0052.108] GetProcessHeap () returned 0x4b0000 [0052.108] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20a) returned 0x4d3780 [0052.108] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4d3780, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\dllhost.exe" (normalized: "c:\\windows\\syswow64\\dllhost.exe")) returned 0x1f [0052.108] GetProcessHeap () returned 0x4b0000 [0052.108] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3780 | out: hHeap=0x4b0000) returned 1 [0052.108] CopyFileW (lpExistingFileName="C:\\Windows\\SysWOW64\\dllhost.exe" (normalized: "c:\\windows\\syswow64\\dllhost.exe"), lpNewFileName="C:\\Users\\FD1HVy\\AppData\\Local\\dllhost.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\dllhost.exe"), bFailIfExists=0) returned 1 [0052.308] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20106, phkResult=0xdf9a0 | out: phkResult=0xdf9a0*=0x1f8) returned 0x0 [0052.308] RegSetValueExW (in: hKey=0x1f8, lpValueName="dllhost", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\FD1HVy\\AppData\\Local\\dllhost.exe", cbData=0x52 | out: lpData="C:\\Users\\FD1HVy\\AppData\\Local\\dllhost.exe") returned 0x0 [0052.308] RegCloseKey (hKey=0x1f8) returned 0x0 [0052.308] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20106, phkResult=0xdf99c | out: phkResult=0xdf99c*=0x1f8) returned 0x0 [0052.308] RegSetValueExW (in: hKey=0x1f8, lpValueName="dllhost", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\FD1HVy\\AppData\\Local\\dllhost.exe", cbData=0x52 | out: lpData="C:\\Users\\FD1HVy\\AppData\\Local\\dllhost.exe") returned 0x0 [0052.308] RegCloseKey (hKey=0x1f8) returned 0x0 [0052.308] GetProcessHeap () returned 0x4b0000 [0052.308] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x118) returned 0x4ba6a8 [0052.308] CopyFileW (lpExistingFileName="C:\\Windows\\SysWOW64\\dllhost.exe" (normalized: "c:\\windows\\syswow64\\dllhost.exe"), lpNewFileName="c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\dllhost.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\dllhost.exe"), bFailIfExists=1) returned 1 [0052.312] CopyFileW (lpExistingFileName="C:\\Windows\\SysWOW64\\dllhost.exe" (normalized: "c:\\windows\\syswow64\\dllhost.exe"), lpNewFileName="c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\dllhost.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\dllhost.exe"), bFailIfExists=1) returned 1 [0052.318] GetProcessHeap () returned 0x4b0000 [0052.318] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba6a8 | out: hHeap=0x4b0000) returned 1 [0052.318] GetProcessHeap () returned 0x4b0000 [0052.318] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf1a0 | out: hHeap=0x4b0000) returned 1 [0052.318] GetProcessHeap () returned 0x4b0000 [0052.318] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cffe0 | out: hHeap=0x4b0000) returned 1 [0052.318] GetProcessHeap () returned 0x4b0000 [0052.318] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d01f8 | out: hHeap=0x4b0000) returned 1 [0052.318] GetProcessHeap () returned 0x4b0000 [0052.318] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3568 | out: hHeap=0x4b0000) returned 1 [0052.318] GetProcessHeap () returned 0x4b0000 [0052.318] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b3ef8 | out: hHeap=0x4b0000) returned 1 [0052.318] GetProcessHeap () returned 0x4b0000 [0052.318] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ce640 | out: hHeap=0x4b0000) returned 1 [0052.318] GetProcessHeap () returned 0x4b0000 [0052.318] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf7c0 | out: hHeap=0x4b0000) returned 1 [0052.318] GetProcessHeap () returned 0x4b0000 [0052.318] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x4cf480 [0052.318] GetProcessHeap () returned 0x4b0000 [0052.318] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x4cf700 [0052.318] GetProcessHeap () returned 0x4b0000 [0052.318] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x4cf688 [0052.319] GetProcessHeap () returned 0x4b0000 [0052.319] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b9c10 [0052.319] GetProcessHeap () returned 0x4b0000 [0052.319] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b9c10 | out: hHeap=0x4b0000) returned 1 [0052.319] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x4cf700, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0052.319] GetProcessHeap () returned 0x4b0000 [0052.319] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf688 | out: hHeap=0x4b0000) returned 1 [0052.319] GetProcessHeap () returned 0x4b0000 [0052.319] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf480 | out: hHeap=0x4b0000) returned 1 [0052.319] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xdf9bc, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xdf9bc*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0052.319] GetProcessHeap () returned 0x4b0000 [0052.319] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf700 | out: hHeap=0x4b0000) returned 1 [0052.319] GetProcessHeap () returned 0x4b0000 [0052.319] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x28) returned 0x4c0168 [0052.319] GetProcessHeap () returned 0x4b0000 [0052.319] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1258 [0052.319] GetProcessHeap () returned 0x4b0000 [0052.319] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x60) returned 0x4b3ef8 [0052.319] GetProcessHeap () returned 0x4b0000 [0052.319] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x5a) returned 0x4b3838 [0052.319] GetProcessHeap () returned 0x4b0000 [0052.319] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4b3838, Size=0xb2) returned 0x4bb588 [0052.319] GetProcessHeap () returned 0x4b0000 [0052.319] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d11c8 [0052.319] GetProcessHeap () returned 0x4b0000 [0052.319] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x180) returned 0x4cf7c0 [0052.319] GetProcessHeap () returned 0x4b0000 [0052.319] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x250) returned 0x4cffe0 [0052.319] GetProcessHeap () returned 0x4b0000 [0052.320] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b9c10 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x84) returned 0x4b8148 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x84) returned 0x4b9cf0 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b9a78 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b9a78 | out: hHeap=0x4b0000) returned 1 [0052.320] ExpandEnvironmentStringsW (in: lpSrc="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys", lpDst=0x4b8148, nSize=0x42 | out: lpDst="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys") returned 0x42 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b9cf0 | out: hHeap=0x4b0000) returned 1 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b9c10 | out: hHeap=0x4b0000) returned 1 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0xc0) returned 0x4b9cf0 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0xb8) returned 0x4b9a78 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0xb8) returned 0x4bb1c8 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b9c10 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b9c10 | out: hHeap=0x4b0000) returned 1 [0052.320] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows;C:\\ProgramData\\microsoft\\windows\\caches;C:\\Users\\admin\\microsoft\\windows\\caches;", lpDst=0x4b9a78, nSize=0x5c | out: lpDst="C:\\Windows;C:\\ProgramData\\microsoft\\windows\\caches;C:\\Users\\admin\\microsoft\\windows\\caches;") returned 0x5c [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bb1c8 | out: hHeap=0x4b0000) returned 1 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b9cf0 | out: hHeap=0x4b0000) returned 1 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20a) returned 0x4cf1a0 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20a) returned 0x4d0238 [0052.320] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4d0238, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\dllhost.exe" (normalized: "c:\\windows\\syswow64\\dllhost.exe")) returned 0x1f [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d0238 | out: hHeap=0x4b0000) returned 1 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x174) returned 0x4d0238 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.320] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4d0238, Size=0x3be) returned 0x4d3568 [0052.320] GetProcessHeap () returned 0x4b0000 [0052.321] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x86) returned 0x4b9c10 [0052.321] GetProcessHeap () returned 0x4b0000 [0052.321] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4b9c10, Size=0x9e) returned 0x4b9cf0 [0052.321] GetProcessHeap () returned 0x4b0000 [0052.321] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0xba) returned 0x4bb1c8 [0052.321] GetProcessHeap () returned 0x4b0000 [0052.321] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf1a0 | out: hHeap=0x4b0000) returned 1 [0052.321] GetProcessHeap () returned 0x4b0000 [0052.321] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf7c0 | out: hHeap=0x4b0000) returned 1 [0052.321] GetProcessHeap () returned 0x4b0000 [0052.321] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cffe0 | out: hHeap=0x4b0000) returned 1 [0052.321] GetProcessHeap () returned 0x4b0000 [0052.321] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b8148 | out: hHeap=0x4b0000) returned 1 [0052.321] GetProcessHeap () returned 0x4b0000 [0052.321] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b9a78 | out: hHeap=0x4b0000) returned 1 [0052.321] GetProcessHeap () returned 0x4b0000 [0052.321] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1258 | out: hHeap=0x4b0000) returned 1 [0052.321] GetProcessHeap () returned 0x4b0000 [0052.321] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b3ef8 | out: hHeap=0x4b0000) returned 1 [0052.321] GetProcessHeap () returned 0x4b0000 [0052.321] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x4cf610 [0052.321] GetProcessHeap () returned 0x4b0000 [0052.321] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x4cf520 [0052.321] GetProcessHeap () returned 0x4b0000 [0052.321] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x4cf480 [0052.321] GetProcessHeap () returned 0x4b0000 [0052.321] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b9c10 [0052.321] GetProcessHeap () returned 0x4b0000 [0052.321] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b9c10 | out: hHeap=0x4b0000) returned 1 [0052.321] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x4cf520, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0052.321] GetProcessHeap () returned 0x4b0000 [0052.321] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf480 | out: hHeap=0x4b0000) returned 1 [0052.321] GetProcessHeap () returned 0x4b0000 [0052.321] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf610 | out: hHeap=0x4b0000) returned 1 [0052.321] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xdf9bc, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xdf9bc*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf520 | out: hHeap=0x4b0000) returned 1 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x28) returned 0x4c0438 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1168 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x60) returned 0x4b3ef8 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x5a) returned 0x4b3838 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4b3838, Size=0xb2) returned 0x4b9a78 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d10d8 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x180) returned 0x4cf7c0 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x250) returned 0x4cffe0 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b9c10 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x84) returned 0x4b8148 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x84) returned 0x4b3c40 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b8910 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b8910 | out: hHeap=0x4b0000) returned 1 [0052.323] ExpandEnvironmentStringsW (in: lpSrc="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys", lpDst=0x4b8148, nSize=0x42 | out: lpDst="info.hta;info.txt;boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys") returned 0x42 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b3c40 | out: hHeap=0x4b0000) returned 1 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b9c10 | out: hHeap=0x4b0000) returned 1 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0xc0) returned 0x4b3c40 [0052.323] GetProcessHeap () returned 0x4b0000 [0052.323] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0xb8) returned 0x4b8910 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0xb8) returned 0x4b86f8 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b9c10 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b9c10 | out: hHeap=0x4b0000) returned 1 [0052.324] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows;C:\\ProgramData\\microsoft\\windows\\caches;C:\\Users\\admin\\microsoft\\windows\\caches;", lpDst=0x4b8910, nSize=0x5c | out: lpDst="C:\\Windows;C:\\ProgramData\\microsoft\\windows\\caches;C:\\Users\\admin\\microsoft\\windows\\caches;") returned 0x5c [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b86f8 | out: hHeap=0x4b0000) returned 1 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b3c40 | out: hHeap=0x4b0000) returned 1 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20a) returned 0x4cf1a0 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20a) returned 0x4d0238 [0052.324] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4d0238, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\dllhost.exe" (normalized: "c:\\windows\\syswow64\\dllhost.exe")) returned 0x1f [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d0238 | out: hHeap=0x4b0000) returned 1 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x174) returned 0x4d0238 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x24e) returned 0x4d3930 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x86) returned 0x4b9c10 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4b9c10, Size=0x9e) returned 0x4b3c40 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0xba) returned 0x4b86f8 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf1a0 | out: hHeap=0x4b0000) returned 1 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf7c0 | out: hHeap=0x4b0000) returned 1 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cffe0 | out: hHeap=0x4b0000) returned 1 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b8148 | out: hHeap=0x4b0000) returned 1 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b8910 | out: hHeap=0x4b0000) returned 1 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1168 | out: hHeap=0x4b0000) returned 1 [0052.324] GetProcessHeap () returned 0x4b0000 [0052.324] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b3ef8 | out: hHeap=0x4b0000) returned 1 [0052.325] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x402013, lpParameter=0xdf9e8, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1f8 [0052.325] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x401fab, lpParameter=0xdf9f8, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x224 [0052.326] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x401e4e, lpParameter=0xdfa04, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x240 [0052.326] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x401859, lpParameter=0xdf9f8, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x244 [0052.327] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40197c, lpParameter=0xdf9f8, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x248 [0052.327] WaitForSingleObject (hHandle=0x244, dwMilliseconds=0xffffffff) Thread: id = 6 os_tid = 0xdb4 Thread: id = 9 os_tid = 0x48c [0052.378] GetVersion () returned 0x3ad7000a [0052.378] GetCurrentProcess () returned 0xffffffff [0052.378] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x1ffbc8 | out: TokenHandle=0x1ffbc8*=0x24c) returned 1 [0052.378] GetTokenInformation (in: TokenHandle=0x24c, TokenInformationClass=0x14, TokenInformation=0x1ffbc0, TokenInformationLength=0x4, ReturnLength=0x1ffbc4 | out: TokenInformation=0x1ffbc0, ReturnLength=0x1ffbc4) returned 1 [0052.378] CloseHandle (hObject=0x24c) returned 1 [0052.378] GetProcessHeap () returned 0x4b0000 [0052.378] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x4cf688 [0052.378] GetProcessHeap () returned 0x4b0000 [0052.379] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x4cf5c0 [0052.379] GetProcessHeap () returned 0x4b0000 [0052.379] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x4cf520 [0052.379] GetProcessHeap () returned 0x4b0000 [0052.379] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4b9c10 [0052.379] GetProcessHeap () returned 0x4b0000 [0052.379] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b9c10 | out: hHeap=0x4b0000) returned 1 [0052.379] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x4cf5c0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0052.379] GetProcessHeap () returned 0x4b0000 [0052.379] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf520 | out: hHeap=0x4b0000) returned 1 [0052.379] GetProcessHeap () returned 0x4b0000 [0052.379] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf688 | out: hHeap=0x4b0000) returned 1 [0052.379] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0052.379] GetProcessHeap () returned 0x4b0000 [0052.379] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf5c0 | out: hHeap=0x4b0000) returned 1 [0052.379] GetProcessHeap () returned 0x4b0000 [0052.379] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x4bde60 [0052.379] GetProcessHeap () returned 0x4b0000 [0052.379] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x4bdea8 [0052.379] GetProcessHeap () returned 0x4b0000 [0052.379] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4bdea8, Size=0x72) returned 0x4ce1c0 [0052.379] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0052.379] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x24c [0052.380] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0x0) returned 0x0 [0052.380] GetProcessHeap () returned 0x4b0000 [0052.380] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bde60 | out: hHeap=0x4b0000) returned 1 [0052.380] GetProcessHeap () returned 0x4b0000 [0052.380] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ce1c0 | out: hHeap=0x4b0000) returned 1 [0052.380] ReleaseMutex (hMutex=0x24c) returned 1 [0052.380] CloseHandle (hObject=0x24c) returned 1 [0052.380] Sleep (dwMilliseconds=0x3e8) [0053.662] GetProcessHeap () returned 0x4b0000 [0053.662] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x4cf520 [0053.662] GetProcessHeap () returned 0x4b0000 [0053.662] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x4cf408 [0053.662] GetProcessHeap () returned 0x4b0000 [0053.662] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x4cf570 [0053.662] GetProcessHeap () returned 0x4b0000 [0053.663] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4eabb0 [0053.663] GetProcessHeap () returned 0x4b0000 [0053.663] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eabb0 | out: hHeap=0x4b0000) returned 1 [0053.663] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x4cf408, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0053.663] GetProcessHeap () returned 0x4b0000 [0053.663] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf570 | out: hHeap=0x4b0000) returned 1 [0053.663] GetProcessHeap () returned 0x4b0000 [0053.663] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf520 | out: hHeap=0x4b0000) returned 1 [0053.663] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0053.676] GetProcessHeap () returned 0x4b0000 [0053.676] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf408 | out: hHeap=0x4b0000) returned 1 [0053.676] GetProcessHeap () returned 0x4b0000 [0053.676] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a90e8 [0053.676] GetProcessHeap () returned 0x4b0000 [0053.676] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a8fc8 [0053.676] GetProcessHeap () returned 0x4b0000 [0053.676] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a8fc8, Size=0x72) returned 0x4ce5c0 [0053.676] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0053.677] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x304 [0053.677] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0x0) returned 0x0 [0053.677] GetProcessHeap () returned 0x4b0000 [0053.677] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a90e8 | out: hHeap=0x4b0000) returned 1 [0053.677] GetProcessHeap () returned 0x4b0000 [0053.677] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ce5c0 | out: hHeap=0x4b0000) returned 1 [0053.677] ReleaseMutex (hMutex=0x304) returned 1 [0053.677] CloseHandle (hObject=0x304) returned 1 [0053.677] Sleep (dwMilliseconds=0x3e8) [0054.925] GetProcessHeap () returned 0x4b0000 [0054.925] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f7d8 [0054.925] GetProcessHeap () returned 0x4b0000 [0054.925] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f788 [0054.925] GetProcessHeap () returned 0x4b0000 [0054.925] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f5d0 [0054.925] GetProcessHeap () returned 0x4b0000 [0054.925] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea528 [0054.925] GetProcessHeap () returned 0x4b0000 [0054.925] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea528 | out: hHeap=0x4b0000) returned 1 [0054.925] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f788, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0054.925] GetProcessHeap () returned 0x4b0000 [0054.925] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f5d0 | out: hHeap=0x4b0000) returned 1 [0054.925] GetProcessHeap () returned 0x4b0000 [0054.925] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f7d8 | out: hHeap=0x4b0000) returned 1 [0054.925] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0054.926] GetProcessHeap () returned 0x4b0000 [0054.926] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f788 | out: hHeap=0x4b0000) returned 1 [0054.926] GetProcessHeap () returned 0x4b0000 [0054.926] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a97a8 [0054.926] GetProcessHeap () returned 0x4b0000 [0054.926] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a97f0 [0054.926] GetProcessHeap () returned 0x4b0000 [0054.926] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a97f0, Size=0x72) returned 0x4ceec0 [0054.926] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0054.926] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x30c [0054.926] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0x0) returned 0x0 [0054.926] GetProcessHeap () returned 0x4b0000 [0054.926] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a97a8 | out: hHeap=0x4b0000) returned 1 [0054.926] GetProcessHeap () returned 0x4b0000 [0054.926] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ceec0 | out: hHeap=0x4b0000) returned 1 [0054.926] ReleaseMutex (hMutex=0x30c) returned 1 [0054.926] CloseHandle (hObject=0x30c) returned 1 [0054.926] Sleep (dwMilliseconds=0x3e8) [0056.071] GetProcessHeap () returned 0x4b0000 [0056.071] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f828 [0056.071] GetProcessHeap () returned 0x4b0000 [0056.071] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f4b8 [0056.071] GetProcessHeap () returned 0x4b0000 [0056.071] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f788 [0056.071] GetProcessHeap () returned 0x4b0000 [0056.071] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea950 [0056.071] GetProcessHeap () returned 0x4b0000 [0056.071] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea950 | out: hHeap=0x4b0000) returned 1 [0056.071] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f4b8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0056.071] GetProcessHeap () returned 0x4b0000 [0056.071] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f788 | out: hHeap=0x4b0000) returned 1 [0056.071] GetProcessHeap () returned 0x4b0000 [0056.072] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f828 | out: hHeap=0x4b0000) returned 1 [0056.072] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0056.072] GetProcessHeap () returned 0x4b0000 [0056.072] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f4b8 | out: hHeap=0x4b0000) returned 1 [0056.072] GetProcessHeap () returned 0x4b0000 [0056.072] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a9490 [0056.072] GetProcessHeap () returned 0x4b0000 [0056.072] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a8f80 [0056.072] GetProcessHeap () returned 0x4b0000 [0056.072] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a8f80, Size=0x72) returned 0x4ce6c0 [0056.072] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0056.072] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x34c [0056.072] WaitForSingleObject (hHandle=0x34c, dwMilliseconds=0x0) returned 0x0 [0056.072] GetProcessHeap () returned 0x4b0000 [0056.072] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a9490 | out: hHeap=0x4b0000) returned 1 [0056.072] GetProcessHeap () returned 0x4b0000 [0056.072] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ce6c0 | out: hHeap=0x4b0000) returned 1 [0056.072] ReleaseMutex (hMutex=0x34c) returned 1 [0056.072] CloseHandle (hObject=0x34c) returned 1 [0056.072] Sleep (dwMilliseconds=0x3e8) [0057.112] GetProcessHeap () returned 0x4b0000 [0057.112] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f710 [0057.112] GetProcessHeap () returned 0x4b0000 [0057.112] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f4b8 [0057.112] GetProcessHeap () returned 0x4b0000 [0057.112] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f738 [0057.112] GetProcessHeap () returned 0x4b0000 [0057.112] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea360 [0057.112] GetProcessHeap () returned 0x4b0000 [0057.112] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea360 | out: hHeap=0x4b0000) returned 1 [0057.112] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f4b8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0057.112] GetProcessHeap () returned 0x4b0000 [0057.112] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f738 | out: hHeap=0x4b0000) returned 1 [0057.112] GetProcessHeap () returned 0x4b0000 [0057.112] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f710 | out: hHeap=0x4b0000) returned 1 [0057.112] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0057.112] GetProcessHeap () returned 0x4b0000 [0057.112] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f4b8 | out: hHeap=0x4b0000) returned 1 [0057.112] GetProcessHeap () returned 0x4b0000 [0057.112] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a95f8 [0057.112] GetProcessHeap () returned 0x4b0000 [0057.112] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a9208 [0057.112] GetProcessHeap () returned 0x4b0000 [0057.113] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a9208, Size=0x72) returned 0x4cf0c0 [0057.113] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0057.113] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x34c [0057.113] WaitForSingleObject (hHandle=0x34c, dwMilliseconds=0x0) returned 0x0 [0057.113] GetProcessHeap () returned 0x4b0000 [0057.113] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a95f8 | out: hHeap=0x4b0000) returned 1 [0057.113] GetProcessHeap () returned 0x4b0000 [0057.113] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf0c0 | out: hHeap=0x4b0000) returned 1 [0057.113] ReleaseMutex (hMutex=0x34c) returned 1 [0057.113] CloseHandle (hObject=0x34c) returned 1 [0057.113] Sleep (dwMilliseconds=0x3e8) [0058.146] GetProcessHeap () returned 0x4b0000 [0058.146] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f7d8 [0058.146] GetProcessHeap () returned 0x4b0000 [0058.146] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f6e8 [0058.146] GetProcessHeap () returned 0x4b0000 [0058.146] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f648 [0058.146] GetProcessHeap () returned 0x4b0000 [0058.146] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea528 [0058.146] GetProcessHeap () returned 0x4b0000 [0058.146] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea528 | out: hHeap=0x4b0000) returned 1 [0058.146] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f6e8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0058.146] GetProcessHeap () returned 0x4b0000 [0058.146] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f648 | out: hHeap=0x4b0000) returned 1 [0058.146] GetProcessHeap () returned 0x4b0000 [0058.146] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f7d8 | out: hHeap=0x4b0000) returned 1 [0058.146] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0058.146] GetProcessHeap () returned 0x4b0000 [0058.146] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f6e8 | out: hHeap=0x4b0000) returned 1 [0058.146] GetProcessHeap () returned 0x4b0000 [0058.146] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a97f0 [0058.146] GetProcessHeap () returned 0x4b0000 [0058.146] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a9568 [0058.146] GetProcessHeap () returned 0x4b0000 [0058.146] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a9568, Size=0x72) returned 0x4ceac0 [0058.146] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0058.147] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x35c [0058.147] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0x0) returned 0x0 [0058.147] GetProcessHeap () returned 0x4b0000 [0058.147] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a97f0 | out: hHeap=0x4b0000) returned 1 [0058.147] GetProcessHeap () returned 0x4b0000 [0058.147] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ceac0 | out: hHeap=0x4b0000) returned 1 [0058.147] ReleaseMutex (hMutex=0x35c) returned 1 [0058.147] CloseHandle (hObject=0x35c) returned 1 [0058.147] Sleep (dwMilliseconds=0x3e8) [0059.163] GetProcessHeap () returned 0x4b0000 [0059.163] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f558 [0059.163] GetProcessHeap () returned 0x4b0000 [0059.163] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f6c0 [0059.163] GetProcessHeap () returned 0x4b0000 [0059.163] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f7d8 [0059.163] GetProcessHeap () returned 0x4b0000 [0059.163] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea8b8 [0059.163] GetProcessHeap () returned 0x4b0000 [0059.163] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea8b8 | out: hHeap=0x4b0000) returned 1 [0059.163] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f6c0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0059.164] GetProcessHeap () returned 0x4b0000 [0059.164] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f7d8 | out: hHeap=0x4b0000) returned 1 [0059.164] GetProcessHeap () returned 0x4b0000 [0059.164] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f558 | out: hHeap=0x4b0000) returned 1 [0059.164] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0059.164] GetProcessHeap () returned 0x4b0000 [0059.164] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f6c0 | out: hHeap=0x4b0000) returned 1 [0059.164] GetProcessHeap () returned 0x4b0000 [0059.164] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a90a0 [0059.164] GetProcessHeap () returned 0x4b0000 [0059.164] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a90e8 [0059.164] GetProcessHeap () returned 0x4b0000 [0059.164] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a90e8, Size=0x72) returned 0x4cefc0 [0059.164] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0059.164] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x334 [0059.164] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0x0) returned 0x0 [0059.164] GetProcessHeap () returned 0x4b0000 [0059.164] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a90a0 | out: hHeap=0x4b0000) returned 1 [0059.164] GetProcessHeap () returned 0x4b0000 [0059.164] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cefc0 | out: hHeap=0x4b0000) returned 1 [0059.164] ReleaseMutex (hMutex=0x334) returned 1 [0059.164] CloseHandle (hObject=0x334) returned 1 [0059.164] Sleep (dwMilliseconds=0x3e8) [0060.197] GetProcessHeap () returned 0x4b0000 [0060.197] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f378 [0060.197] GetProcessHeap () returned 0x4b0000 [0060.197] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f670 [0060.197] GetProcessHeap () returned 0x4b0000 [0060.197] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f468 [0060.197] GetProcessHeap () returned 0x4b0000 [0060.197] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4eace0 [0060.197] GetProcessHeap () returned 0x4b0000 [0060.197] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eace0 | out: hHeap=0x4b0000) returned 1 [0060.197] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f670, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0060.197] GetProcessHeap () returned 0x4b0000 [0060.197] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f468 | out: hHeap=0x4b0000) returned 1 [0060.197] GetProcessHeap () returned 0x4b0000 [0060.197] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f378 | out: hHeap=0x4b0000) returned 1 [0060.197] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0060.198] GetProcessHeap () returned 0x4b0000 [0060.198] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f670 | out: hHeap=0x4b0000) returned 1 [0060.198] GetProcessHeap () returned 0x4b0000 [0060.198] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a9178 [0060.198] GetProcessHeap () returned 0x4b0000 [0060.198] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a9448 [0060.198] GetProcessHeap () returned 0x4b0000 [0060.198] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a9448, Size=0x72) returned 0x4cf0c0 [0060.198] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0060.198] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x34c [0060.198] WaitForSingleObject (hHandle=0x34c, dwMilliseconds=0x0) returned 0x0 [0060.198] GetProcessHeap () returned 0x4b0000 [0060.198] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a9178 | out: hHeap=0x4b0000) returned 1 [0060.198] GetProcessHeap () returned 0x4b0000 [0060.198] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf0c0 | out: hHeap=0x4b0000) returned 1 [0060.198] ReleaseMutex (hMutex=0x34c) returned 1 [0060.198] CloseHandle (hObject=0x34c) returned 1 [0060.199] Sleep (dwMilliseconds=0x3e8) [0061.252] GetProcessHeap () returned 0x4b0000 [0061.252] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f5a8 [0061.252] GetProcessHeap () returned 0x4b0000 [0061.252] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f3c8 [0061.252] GetProcessHeap () returned 0x4b0000 [0061.252] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f558 [0061.252] GetProcessHeap () returned 0x4b0000 [0061.252] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea788 [0061.252] GetProcessHeap () returned 0x4b0000 [0061.252] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea788 | out: hHeap=0x4b0000) returned 1 [0061.252] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f3c8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0061.252] GetProcessHeap () returned 0x4b0000 [0061.252] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f558 | out: hHeap=0x4b0000) returned 1 [0061.252] GetProcessHeap () returned 0x4b0000 [0061.253] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f5a8 | out: hHeap=0x4b0000) returned 1 [0061.253] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0061.253] GetProcessHeap () returned 0x4b0000 [0061.253] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f3c8 | out: hHeap=0x4b0000) returned 1 [0061.253] GetProcessHeap () returned 0x4b0000 [0061.253] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a92e0 [0061.253] GetProcessHeap () returned 0x4b0000 [0061.253] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a9328 [0061.253] GetProcessHeap () returned 0x4b0000 [0061.253] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a9328, Size=0x72) returned 0x4ced40 [0061.253] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0061.253] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x37c [0061.253] WaitForSingleObject (hHandle=0x37c, dwMilliseconds=0x0) returned 0x0 [0061.253] GetProcessHeap () returned 0x4b0000 [0061.253] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a92e0 | out: hHeap=0x4b0000) returned 1 [0061.253] GetProcessHeap () returned 0x4b0000 [0061.253] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ced40 | out: hHeap=0x4b0000) returned 1 [0061.253] ReleaseMutex (hMutex=0x37c) returned 1 [0061.253] CloseHandle (hObject=0x37c) returned 1 [0061.253] Sleep (dwMilliseconds=0x3e8) [0062.284] GetProcessHeap () returned 0x4b0000 [0062.284] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f6e8 [0062.284] GetProcessHeap () returned 0x4b0000 [0062.284] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f468 [0062.284] GetProcessHeap () returned 0x4b0000 [0062.284] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f760 [0062.284] GetProcessHeap () returned 0x4b0000 [0062.284] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4eaf40 [0062.284] GetProcessHeap () returned 0x4b0000 [0062.284] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eaf40 | out: hHeap=0x4b0000) returned 1 [0062.284] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f468, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0062.284] GetProcessHeap () returned 0x4b0000 [0062.284] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f760 | out: hHeap=0x4b0000) returned 1 [0062.284] GetProcessHeap () returned 0x4b0000 [0062.284] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f6e8 | out: hHeap=0x4b0000) returned 1 [0062.284] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0062.284] GetProcessHeap () returned 0x4b0000 [0062.284] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f468 | out: hHeap=0x4b0000) returned 1 [0062.284] GetProcessHeap () returned 0x4b0000 [0062.284] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a9490 [0062.284] GetProcessHeap () returned 0x4b0000 [0062.284] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a9760 [0062.284] GetProcessHeap () returned 0x4b0000 [0062.284] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a9760, Size=0x72) returned 0x4e77b8 [0062.284] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0062.285] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x34c [0062.285] WaitForSingleObject (hHandle=0x34c, dwMilliseconds=0x0) returned 0x0 [0062.285] GetProcessHeap () returned 0x4b0000 [0062.285] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a9490 | out: hHeap=0x4b0000) returned 1 [0062.285] GetProcessHeap () returned 0x4b0000 [0062.285] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e77b8 | out: hHeap=0x4b0000) returned 1 [0062.285] ReleaseMutex (hMutex=0x34c) returned 1 [0062.285] CloseHandle (hObject=0x34c) returned 1 [0062.285] Sleep (dwMilliseconds=0x3e8) [0063.320] GetProcessHeap () returned 0x4b0000 [0063.320] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f418 [0063.320] GetProcessHeap () returned 0x4b0000 [0063.320] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f468 [0063.320] GetProcessHeap () returned 0x4b0000 [0063.320] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f4b8 [0063.320] GetProcessHeap () returned 0x4b0000 [0063.320] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea658 [0063.320] GetProcessHeap () returned 0x4b0000 [0063.320] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea658 | out: hHeap=0x4b0000) returned 1 [0063.320] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f468, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0063.321] GetProcessHeap () returned 0x4b0000 [0063.321] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f4b8 | out: hHeap=0x4b0000) returned 1 [0063.321] GetProcessHeap () returned 0x4b0000 [0063.321] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f418 | out: hHeap=0x4b0000) returned 1 [0063.321] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0063.327] GetProcessHeap () returned 0x4b0000 [0063.327] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f468 | out: hHeap=0x4b0000) returned 1 [0063.327] GetProcessHeap () returned 0x4b0000 [0063.327] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a9328 [0063.327] GetProcessHeap () returned 0x4b0000 [0063.327] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a8fc8 [0063.327] GetProcessHeap () returned 0x4b0000 [0063.327] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a8fc8, Size=0x72) returned 0x4e6a38 [0063.327] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0063.327] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x358 [0063.327] WaitForSingleObject (hHandle=0x358, dwMilliseconds=0x0) returned 0x0 [0063.327] GetProcessHeap () returned 0x4b0000 [0063.327] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a9328 | out: hHeap=0x4b0000) returned 1 [0063.327] GetProcessHeap () returned 0x4b0000 [0063.327] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e6a38 | out: hHeap=0x4b0000) returned 1 [0063.327] ReleaseMutex (hMutex=0x358) returned 1 [0063.327] CloseHandle (hObject=0x358) returned 1 [0063.327] Sleep (dwMilliseconds=0x3e8) [0064.649] GetProcessHeap () returned 0x4b0000 [0064.665] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f378 [0064.665] GetProcessHeap () returned 0x4b0000 [0064.665] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f7d8 [0064.665] GetProcessHeap () returned 0x4b0000 [0064.665] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f648 [0064.665] GetProcessHeap () returned 0x4b0000 [0064.665] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea658 [0064.665] GetProcessHeap () returned 0x4b0000 [0064.665] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea658 | out: hHeap=0x4b0000) returned 1 [0064.665] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f7d8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0064.665] GetProcessHeap () returned 0x4b0000 [0064.665] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f648 | out: hHeap=0x4b0000) returned 1 [0064.665] GetProcessHeap () returned 0x4b0000 [0064.665] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f378 | out: hHeap=0x4b0000) returned 1 [0064.665] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0064.665] GetProcessHeap () returned 0x4b0000 [0064.665] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f7d8 | out: hHeap=0x4b0000) returned 1 [0064.665] GetProcessHeap () returned 0x4b0000 [0064.665] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a9178 [0064.665] GetProcessHeap () returned 0x4b0000 [0064.665] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a97a8 [0064.665] GetProcessHeap () returned 0x4b0000 [0064.665] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a97a8, Size=0x72) returned 0x4e6ab8 [0064.665] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0064.666] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x330 [0064.666] WaitForSingleObject (hHandle=0x330, dwMilliseconds=0x0) returned 0x0 [0064.666] GetProcessHeap () returned 0x4b0000 [0064.666] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a9178 | out: hHeap=0x4b0000) returned 1 [0064.666] GetProcessHeap () returned 0x4b0000 [0064.666] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e6ab8 | out: hHeap=0x4b0000) returned 1 [0064.666] ReleaseMutex (hMutex=0x330) returned 1 [0064.666] CloseHandle (hObject=0x330) returned 1 [0064.666] Sleep (dwMilliseconds=0x3e8) [0065.922] GetProcessHeap () returned 0x4b0000 [0065.922] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f7d8 [0065.922] GetProcessHeap () returned 0x4b0000 [0065.922] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f508 [0065.922] GetProcessHeap () returned 0x4b0000 [0065.922] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f828 [0065.922] GetProcessHeap () returned 0x4b0000 [0065.922] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea360 [0065.922] GetProcessHeap () returned 0x4b0000 [0065.922] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea360 | out: hHeap=0x4b0000) returned 1 [0065.922] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f508, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0065.923] GetProcessHeap () returned 0x4b0000 [0065.923] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f828 | out: hHeap=0x4b0000) returned 1 [0065.923] GetProcessHeap () returned 0x4b0000 [0065.923] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f7d8 | out: hHeap=0x4b0000) returned 1 [0065.923] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0065.923] GetProcessHeap () returned 0x4b0000 [0065.923] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f508 | out: hHeap=0x4b0000) returned 1 [0065.923] GetProcessHeap () returned 0x4b0000 [0065.923] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a8f38 [0065.923] GetProcessHeap () returned 0x4b0000 [0065.923] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a9760 [0065.923] GetProcessHeap () returned 0x4b0000 [0065.923] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a9760, Size=0x72) returned 0x4e7038 [0065.923] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0065.923] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x348 [0065.923] WaitForSingleObject (hHandle=0x348, dwMilliseconds=0x0) returned 0x0 [0065.923] GetProcessHeap () returned 0x4b0000 [0065.923] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a8f38 | out: hHeap=0x4b0000) returned 1 [0065.924] GetProcessHeap () returned 0x4b0000 [0065.924] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e7038 | out: hHeap=0x4b0000) returned 1 [0065.924] ReleaseMutex (hMutex=0x348) returned 1 [0065.924] CloseHandle (hObject=0x348) returned 1 [0065.924] Sleep (dwMilliseconds=0x3e8) [0067.130] GetProcessHeap () returned 0x4b0000 [0067.130] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f7d8 [0067.130] GetProcessHeap () returned 0x4b0000 [0067.130] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f558 [0067.130] GetProcessHeap () returned 0x4b0000 [0067.130] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f6c0 [0067.130] GetProcessHeap () returned 0x4b0000 [0067.130] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4eac48 [0067.130] GetProcessHeap () returned 0x4b0000 [0067.130] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eac48 | out: hHeap=0x4b0000) returned 1 [0067.131] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f558, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0067.131] GetProcessHeap () returned 0x4b0000 [0067.131] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f6c0 | out: hHeap=0x4b0000) returned 1 [0067.131] GetProcessHeap () returned 0x4b0000 [0067.131] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f7d8 | out: hHeap=0x4b0000) returned 1 [0067.131] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0067.131] GetProcessHeap () returned 0x4b0000 [0067.131] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f558 | out: hHeap=0x4b0000) returned 1 [0067.131] GetProcessHeap () returned 0x4b0000 [0067.131] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a95f8 [0067.131] GetProcessHeap () returned 0x4b0000 [0067.131] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a9010 [0067.131] GetProcessHeap () returned 0x4b0000 [0067.131] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a9010, Size=0x72) returned 0x4e68b8 [0067.131] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0067.131] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x358 [0067.131] WaitForSingleObject (hHandle=0x358, dwMilliseconds=0x0) returned 0x0 [0067.131] GetProcessHeap () returned 0x4b0000 [0067.131] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a95f8 | out: hHeap=0x4b0000) returned 1 [0067.131] GetProcessHeap () returned 0x4b0000 [0067.131] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e68b8 | out: hHeap=0x4b0000) returned 1 [0067.131] ReleaseMutex (hMutex=0x358) returned 1 [0067.131] CloseHandle (hObject=0x358) returned 1 [0067.132] Sleep (dwMilliseconds=0x3e8) [0068.509] GetProcessHeap () returned 0x4b0000 [0068.509] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f648 [0068.510] GetProcessHeap () returned 0x4b0000 [0068.510] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f580 [0068.510] GetProcessHeap () returned 0x4b0000 [0068.510] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f418 [0068.510] GetProcessHeap () returned 0x4b0000 [0068.510] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea950 [0068.510] GetProcessHeap () returned 0x4b0000 [0068.510] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea950 | out: hHeap=0x4b0000) returned 1 [0068.510] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f580, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0068.510] GetProcessHeap () returned 0x4b0000 [0068.510] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f418 | out: hHeap=0x4b0000) returned 1 [0068.510] GetProcessHeap () returned 0x4b0000 [0068.510] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f648 | out: hHeap=0x4b0000) returned 1 [0068.510] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0068.510] GetProcessHeap () returned 0x4b0000 [0068.510] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f580 | out: hHeap=0x4b0000) returned 1 [0068.510] GetProcessHeap () returned 0x4b0000 [0068.510] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a9760 [0068.510] GetProcessHeap () returned 0x4b0000 [0068.510] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a93b8 [0068.510] GetProcessHeap () returned 0x4b0000 [0068.510] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a93b8, Size=0x72) returned 0x4e6fb8 [0068.510] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0068.510] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x34c [0068.511] WaitForSingleObject (hHandle=0x34c, dwMilliseconds=0x0) returned 0x0 [0068.511] GetProcessHeap () returned 0x4b0000 [0068.511] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a9760 | out: hHeap=0x4b0000) returned 1 [0068.511] GetProcessHeap () returned 0x4b0000 [0068.511] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e6fb8 | out: hHeap=0x4b0000) returned 1 [0068.511] ReleaseMutex (hMutex=0x34c) returned 1 [0068.511] CloseHandle (hObject=0x34c) returned 1 [0068.511] Sleep (dwMilliseconds=0x3e8) [0069.687] GetProcessHeap () returned 0x4b0000 [0069.687] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f800 [0069.687] GetProcessHeap () returned 0x4b0000 [0069.687] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f698 [0069.688] GetProcessHeap () returned 0x4b0000 [0069.688] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f6e8 [0069.688] GetProcessHeap () returned 0x4b0000 [0069.688] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4eaa80 [0069.688] GetProcessHeap () returned 0x4b0000 [0069.688] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eaa80 | out: hHeap=0x4b0000) returned 1 [0069.688] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f698, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0069.688] GetProcessHeap () returned 0x4b0000 [0069.688] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f6e8 | out: hHeap=0x4b0000) returned 1 [0069.688] GetProcessHeap () returned 0x4b0000 [0069.688] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f800 | out: hHeap=0x4b0000) returned 1 [0069.688] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0069.688] GetProcessHeap () returned 0x4b0000 [0069.688] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f698 | out: hHeap=0x4b0000) returned 1 [0069.688] GetProcessHeap () returned 0x4b0000 [0069.689] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a94d8 [0069.689] GetProcessHeap () returned 0x4b0000 [0069.689] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a95f8 [0069.689] GetProcessHeap () returned 0x4b0000 [0069.689] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a95f8, Size=0x72) returned 0x4e69b8 [0069.689] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0069.689] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x288 [0069.689] WaitForSingleObject (hHandle=0x288, dwMilliseconds=0x0) returned 0x0 [0069.689] GetProcessHeap () returned 0x4b0000 [0069.689] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a94d8 | out: hHeap=0x4b0000) returned 1 [0069.689] GetProcessHeap () returned 0x4b0000 [0069.689] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e69b8 | out: hHeap=0x4b0000) returned 1 [0069.689] ReleaseMutex (hMutex=0x288) returned 1 [0069.689] CloseHandle (hObject=0x288) returned 1 [0069.689] Sleep (dwMilliseconds=0x3e8) [0070.974] GetProcessHeap () returned 0x4b0000 [0070.974] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f468 [0070.974] GetProcessHeap () returned 0x4b0000 [0070.974] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f620 [0070.974] GetProcessHeap () returned 0x4b0000 [0070.974] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f6c0 [0070.974] GetProcessHeap () returned 0x4b0000 [0070.974] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea360 [0070.974] GetProcessHeap () returned 0x4b0000 [0070.974] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea360 | out: hHeap=0x4b0000) returned 1 [0070.974] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f620, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0070.974] GetProcessHeap () returned 0x4b0000 [0070.975] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f6c0 | out: hHeap=0x4b0000) returned 1 [0070.975] GetProcessHeap () returned 0x4b0000 [0070.975] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f468 | out: hHeap=0x4b0000) returned 1 [0070.975] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0070.975] GetProcessHeap () returned 0x4b0000 [0070.975] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f620 | out: hHeap=0x4b0000) returned 1 [0070.975] GetProcessHeap () returned 0x4b0000 [0070.975] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a90a0 [0070.975] GetProcessHeap () returned 0x4b0000 [0070.975] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a9208 [0070.975] GetProcessHeap () returned 0x4b0000 [0070.975] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a9208, Size=0x72) returned 0x4e76b8 [0070.975] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0070.975] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x304 [0070.975] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0x0) returned 0x0 [0070.975] GetProcessHeap () returned 0x4b0000 [0070.975] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a90a0 | out: hHeap=0x4b0000) returned 1 [0070.975] GetProcessHeap () returned 0x4b0000 [0070.975] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e76b8 | out: hHeap=0x4b0000) returned 1 [0070.975] ReleaseMutex (hMutex=0x304) returned 1 [0070.975] CloseHandle (hObject=0x304) returned 1 [0070.975] Sleep (dwMilliseconds=0x3e8) [0072.229] GetProcessHeap () returned 0x4b0000 [0072.229] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f6c0 [0072.230] GetProcessHeap () returned 0x4b0000 [0072.230] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f738 [0072.230] GetProcessHeap () returned 0x4b0000 [0072.230] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f468 [0072.230] GetProcessHeap () returned 0x4b0000 [0072.230] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4eaa80 [0072.230] GetProcessHeap () returned 0x4b0000 [0072.230] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eaa80 | out: hHeap=0x4b0000) returned 1 [0072.230] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f738, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0072.230] GetProcessHeap () returned 0x4b0000 [0072.230] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f468 | out: hHeap=0x4b0000) returned 1 [0072.230] GetProcessHeap () returned 0x4b0000 [0072.230] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f6c0 | out: hHeap=0x4b0000) returned 1 [0072.230] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0072.230] GetProcessHeap () returned 0x4b0000 [0072.230] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f738 | out: hHeap=0x4b0000) returned 1 [0072.230] GetProcessHeap () returned 0x4b0000 [0072.230] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a90a0 [0072.230] GetProcessHeap () returned 0x4b0000 [0072.230] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a96d0 [0072.230] GetProcessHeap () returned 0x4b0000 [0072.230] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a96d0, Size=0x72) returned 0x4e7038 [0072.230] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0072.230] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x2bc [0072.231] WaitForSingleObject (hHandle=0x2bc, dwMilliseconds=0x0) returned 0x0 [0072.231] GetProcessHeap () returned 0x4b0000 [0072.231] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a90a0 | out: hHeap=0x4b0000) returned 1 [0072.231] GetProcessHeap () returned 0x4b0000 [0072.231] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e7038 | out: hHeap=0x4b0000) returned 1 [0072.231] ReleaseMutex (hMutex=0x2bc) returned 1 [0072.231] CloseHandle (hObject=0x2bc) returned 1 [0072.231] Sleep (dwMilliseconds=0x3e8) [0073.370] GetProcessHeap () returned 0x4b0000 [0073.370] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f468 [0073.370] GetProcessHeap () returned 0x4b0000 [0073.370] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f5a8 [0073.370] GetProcessHeap () returned 0x4b0000 [0073.370] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f670 [0073.370] GetProcessHeap () returned 0x4b0000 [0073.370] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4eb070 [0073.370] GetProcessHeap () returned 0x4b0000 [0073.370] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eb070 | out: hHeap=0x4b0000) returned 1 [0073.370] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f5a8, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0073.370] GetProcessHeap () returned 0x4b0000 [0073.370] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f670 | out: hHeap=0x4b0000) returned 1 [0073.370] GetProcessHeap () returned 0x4b0000 [0073.370] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f468 | out: hHeap=0x4b0000) returned 1 [0073.370] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0073.370] GetProcessHeap () returned 0x4b0000 [0073.370] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f5a8 | out: hHeap=0x4b0000) returned 1 [0073.370] GetProcessHeap () returned 0x4b0000 [0073.370] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a95f8 [0073.370] GetProcessHeap () returned 0x4b0000 [0073.370] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a9640 [0073.370] GetProcessHeap () returned 0x4b0000 [0073.370] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a9640, Size=0x72) returned 0x4e7438 [0073.370] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0073.370] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x368 [0073.371] WaitForSingleObject (hHandle=0x368, dwMilliseconds=0x0) returned 0x0 [0073.371] GetProcessHeap () returned 0x4b0000 [0073.371] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a95f8 | out: hHeap=0x4b0000) returned 1 [0073.371] GetProcessHeap () returned 0x4b0000 [0073.371] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e7438 | out: hHeap=0x4b0000) returned 1 [0073.371] ReleaseMutex (hMutex=0x368) returned 1 [0073.371] CloseHandle (hObject=0x368) returned 1 [0073.371] Sleep (dwMilliseconds=0x3e8) [0074.671] GetProcessHeap () returned 0x4b0000 [0074.671] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f698 [0074.673] GetProcessHeap () returned 0x4b0000 [0074.673] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f828 [0074.673] GetProcessHeap () returned 0x4b0000 [0074.674] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f620 [0074.674] GetProcessHeap () returned 0x4b0000 [0074.674] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4eac48 [0074.705] GetProcessHeap () returned 0x4b0000 [0074.705] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eac48 | out: hHeap=0x4b0000) returned 1 [0074.705] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f828, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0074.705] GetProcessHeap () returned 0x4b0000 [0074.705] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f620 | out: hHeap=0x4b0000) returned 1 [0074.705] GetProcessHeap () returned 0x4b0000 [0074.705] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f698 | out: hHeap=0x4b0000) returned 1 [0074.705] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0074.707] GetProcessHeap () returned 0x4b0000 [0074.707] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f828 | out: hHeap=0x4b0000) returned 1 [0074.707] GetProcessHeap () returned 0x4b0000 [0074.707] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a9640 [0074.707] GetProcessHeap () returned 0x4b0000 [0074.707] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a95f8 [0074.707] GetProcessHeap () returned 0x4b0000 [0074.723] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a95f8, Size=0x72) returned 0x4e7138 [0074.723] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0074.725] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x304 [0074.725] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0x0) returned 0x0 [0074.736] GetProcessHeap () returned 0x4b0000 [0074.736] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a9640 | out: hHeap=0x4b0000) returned 1 [0074.736] GetProcessHeap () returned 0x4b0000 [0074.736] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e7138 | out: hHeap=0x4b0000) returned 1 [0074.736] ReleaseMutex (hMutex=0x304) returned 1 [0074.737] CloseHandle (hObject=0x304) returned 1 [0074.737] Sleep (dwMilliseconds=0x3e8) [0076.117] GetProcessHeap () returned 0x4b0000 [0076.117] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f508 [0076.117] GetProcessHeap () returned 0x4b0000 [0076.117] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f378 [0076.117] GetProcessHeap () returned 0x4b0000 [0076.117] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f3a0 [0076.117] GetProcessHeap () returned 0x4b0000 [0076.117] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4eafd8 [0076.117] GetProcessHeap () returned 0x4b0000 [0076.117] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eafd8 | out: hHeap=0x4b0000) returned 1 [0076.117] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f378, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0076.117] GetProcessHeap () returned 0x4b0000 [0076.117] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f3a0 | out: hHeap=0x4b0000) returned 1 [0076.117] GetProcessHeap () returned 0x4b0000 [0076.117] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f508 | out: hHeap=0x4b0000) returned 1 [0076.117] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0076.118] GetProcessHeap () returned 0x4b0000 [0076.118] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f378 | out: hHeap=0x4b0000) returned 1 [0076.118] GetProcessHeap () returned 0x4b0000 [0076.118] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a94d8 [0076.118] GetProcessHeap () returned 0x4b0000 [0076.118] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a9760 [0076.118] GetProcessHeap () returned 0x4b0000 [0076.118] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a9760, Size=0x72) returned 0x4e6a38 [0076.118] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0076.118] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x330 [0076.118] WaitForSingleObject (hHandle=0x330, dwMilliseconds=0x0) returned 0x0 [0076.118] GetProcessHeap () returned 0x4b0000 [0076.118] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a94d8 | out: hHeap=0x4b0000) returned 1 [0076.118] GetProcessHeap () returned 0x4b0000 [0076.118] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e6a38 | out: hHeap=0x4b0000) returned 1 [0076.118] ReleaseMutex (hMutex=0x330) returned 1 [0076.118] CloseHandle (hObject=0x330) returned 1 [0076.118] Sleep (dwMilliseconds=0x3e8) [0077.592] GetProcessHeap () returned 0x4b0000 [0077.592] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f530 [0077.592] GetProcessHeap () returned 0x4b0000 [0077.592] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f738 [0077.592] GetProcessHeap () returned 0x4b0000 [0077.592] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f378 [0077.592] GetProcessHeap () returned 0x4b0000 [0077.592] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4eaf40 [0077.592] GetProcessHeap () returned 0x4b0000 [0077.592] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eaf40 | out: hHeap=0x4b0000) returned 1 [0077.592] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f738, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0077.592] GetProcessHeap () returned 0x4b0000 [0077.592] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f378 | out: hHeap=0x4b0000) returned 1 [0077.592] GetProcessHeap () returned 0x4b0000 [0077.592] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f530 | out: hHeap=0x4b0000) returned 1 [0077.592] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0077.592] GetProcessHeap () returned 0x4b0000 [0077.592] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f738 | out: hHeap=0x4b0000) returned 1 [0077.592] GetProcessHeap () returned 0x4b0000 [0077.592] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a95f8 [0077.593] GetProcessHeap () returned 0x4b0000 [0077.593] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a9250 [0077.593] GetProcessHeap () returned 0x4b0000 [0077.593] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a9250, Size=0x72) returned 0x4e6d38 [0077.593] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0077.593] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x32c [0077.593] WaitForSingleObject (hHandle=0x32c, dwMilliseconds=0x0) returned 0x0 [0077.593] GetProcessHeap () returned 0x4b0000 [0077.593] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a95f8 | out: hHeap=0x4b0000) returned 1 [0077.593] GetProcessHeap () returned 0x4b0000 [0077.593] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e6d38 | out: hHeap=0x4b0000) returned 1 [0077.593] ReleaseMutex (hMutex=0x32c) returned 1 [0077.593] CloseHandle (hObject=0x32c) returned 1 [0077.593] Sleep (dwMilliseconds=0x3e8) [0078.891] GetProcessHeap () returned 0x4b0000 [0078.891] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f3f0 [0078.891] GetProcessHeap () returned 0x4b0000 [0078.891] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f800 [0078.891] GetProcessHeap () returned 0x4b0000 [0078.891] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f5a8 [0078.891] GetProcessHeap () returned 0x4b0000 [0078.891] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea360 [0078.891] GetProcessHeap () returned 0x4b0000 [0078.891] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea360 | out: hHeap=0x4b0000) returned 1 [0078.891] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f800, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0078.891] GetProcessHeap () returned 0x4b0000 [0078.891] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f5a8 | out: hHeap=0x4b0000) returned 1 [0078.891] GetProcessHeap () returned 0x4b0000 [0078.891] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f3f0 | out: hHeap=0x4b0000) returned 1 [0078.891] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0078.892] GetProcessHeap () returned 0x4b0000 [0078.892] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f800 | out: hHeap=0x4b0000) returned 1 [0078.892] GetProcessHeap () returned 0x4b0000 [0078.892] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a9688 [0078.892] GetProcessHeap () returned 0x4b0000 [0078.892] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a9328 [0078.892] GetProcessHeap () returned 0x4b0000 [0078.892] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a9328, Size=0x72) returned 0x4e6cb8 [0078.892] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0078.892] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x304 [0078.892] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0x0) returned 0x0 [0078.892] GetProcessHeap () returned 0x4b0000 [0078.892] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a9688 | out: hHeap=0x4b0000) returned 1 [0078.892] GetProcessHeap () returned 0x4b0000 [0078.892] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e6cb8 | out: hHeap=0x4b0000) returned 1 [0078.892] ReleaseMutex (hMutex=0x304) returned 1 [0078.892] CloseHandle (hObject=0x304) returned 1 [0078.892] Sleep (dwMilliseconds=0x3e8) [0080.238] GetProcessHeap () returned 0x4b0000 [0080.260] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f580 [0080.260] GetProcessHeap () returned 0x4b0000 [0080.260] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f3f0 [0080.260] GetProcessHeap () returned 0x4b0000 [0080.260] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f738 [0080.260] GetProcessHeap () returned 0x4b0000 [0080.260] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea788 [0080.260] GetProcessHeap () returned 0x4b0000 [0080.260] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea788 | out: hHeap=0x4b0000) returned 1 [0080.260] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f3f0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0080.260] GetProcessHeap () returned 0x4b0000 [0080.260] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f738 | out: hHeap=0x4b0000) returned 1 [0080.260] GetProcessHeap () returned 0x4b0000 [0080.260] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f580 | out: hHeap=0x4b0000) returned 1 [0080.260] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0080.261] GetProcessHeap () returned 0x4b0000 [0080.261] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f3f0 | out: hHeap=0x4b0000) returned 1 [0080.261] GetProcessHeap () returned 0x4b0000 [0080.261] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a96d0 [0080.261] GetProcessHeap () returned 0x4b0000 [0080.261] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a9520 [0080.261] GetProcessHeap () returned 0x4b0000 [0080.261] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a9520, Size=0x72) returned 0x4e6fb8 [0080.261] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0080.261] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x310 [0080.261] WaitForSingleObject (hHandle=0x310, dwMilliseconds=0x0) returned 0x0 [0080.261] GetProcessHeap () returned 0x4b0000 [0080.261] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a96d0 | out: hHeap=0x4b0000) returned 1 [0080.261] GetProcessHeap () returned 0x4b0000 [0080.261] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e6fb8 | out: hHeap=0x4b0000) returned 1 [0080.261] ReleaseMutex (hMutex=0x310) returned 1 [0080.261] CloseHandle (hObject=0x310) returned 1 [0080.261] Sleep (dwMilliseconds=0x3e8) [0081.412] GetProcessHeap () returned 0x4b0000 [0081.413] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f670 [0081.413] GetProcessHeap () returned 0x4b0000 [0081.413] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f508 [0081.413] GetProcessHeap () returned 0x4b0000 [0081.413] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f6e8 [0081.413] GetProcessHeap () returned 0x4b0000 [0081.413] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea490 [0081.413] GetProcessHeap () returned 0x4b0000 [0081.413] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea490 | out: hHeap=0x4b0000) returned 1 [0081.413] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f508, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0081.413] GetProcessHeap () returned 0x4b0000 [0081.413] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f6e8 | out: hHeap=0x4b0000) returned 1 [0081.413] GetProcessHeap () returned 0x4b0000 [0081.413] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f670 | out: hHeap=0x4b0000) returned 1 [0081.413] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0081.413] GetProcessHeap () returned 0x4b0000 [0081.413] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f508 | out: hHeap=0x4b0000) returned 1 [0081.413] GetProcessHeap () returned 0x4b0000 [0081.413] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a9448 [0081.413] GetProcessHeap () returned 0x4b0000 [0081.413] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a9370 [0081.413] GetProcessHeap () returned 0x4b0000 [0081.413] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a9370, Size=0x72) returned 0x4e6d38 [0081.413] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0081.413] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x368 [0081.414] WaitForSingleObject (hHandle=0x368, dwMilliseconds=0x0) returned 0x0 [0081.414] GetProcessHeap () returned 0x4b0000 [0081.414] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a9448 | out: hHeap=0x4b0000) returned 1 [0081.414] GetProcessHeap () returned 0x4b0000 [0081.414] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e6d38 | out: hHeap=0x4b0000) returned 1 [0081.414] ReleaseMutex (hMutex=0x368) returned 1 [0081.414] CloseHandle (hObject=0x368) returned 1 [0081.414] Sleep (dwMilliseconds=0x3e8) [0082.563] GetProcessHeap () returned 0x4b0000 [0082.563] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f530 [0082.563] GetProcessHeap () returned 0x4b0000 [0082.563] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f490 [0082.563] GetProcessHeap () returned 0x4b0000 [0082.563] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f698 [0082.563] GetProcessHeap () returned 0x4b0000 [0082.563] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4eaa80 [0082.563] GetProcessHeap () returned 0x4b0000 [0082.563] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eaa80 | out: hHeap=0x4b0000) returned 1 [0082.563] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f490, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0082.563] GetProcessHeap () returned 0x4b0000 [0082.563] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f698 | out: hHeap=0x4b0000) returned 1 [0082.563] GetProcessHeap () returned 0x4b0000 [0082.563] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f530 | out: hHeap=0x4b0000) returned 1 [0082.563] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0082.563] GetProcessHeap () returned 0x4b0000 [0082.563] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f490 | out: hHeap=0x4b0000) returned 1 [0082.563] GetProcessHeap () returned 0x4b0000 [0082.563] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a9178 [0082.563] GetProcessHeap () returned 0x4b0000 [0082.563] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a97f0 [0082.563] GetProcessHeap () returned 0x4b0000 [0082.563] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a97f0, Size=0x72) returned 0x4e6fb8 [0082.563] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0082.564] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x2bc [0082.564] WaitForSingleObject (hHandle=0x2bc, dwMilliseconds=0x0) returned 0x0 [0082.564] GetProcessHeap () returned 0x4b0000 [0082.564] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a9178 | out: hHeap=0x4b0000) returned 1 [0082.564] GetProcessHeap () returned 0x4b0000 [0082.564] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e6fb8 | out: hHeap=0x4b0000) returned 1 [0082.564] ReleaseMutex (hMutex=0x2bc) returned 1 [0082.564] CloseHandle (hObject=0x2bc) returned 1 [0082.564] Sleep (dwMilliseconds=0x3e8) [0083.699] GetProcessHeap () returned 0x4b0000 [0083.733] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f7d8 [0083.733] GetProcessHeap () returned 0x4b0000 [0083.733] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f468 [0083.733] GetProcessHeap () returned 0x4b0000 [0083.733] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f378 [0083.733] GetProcessHeap () returned 0x4b0000 [0083.733] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea490 [0083.733] GetProcessHeap () returned 0x4b0000 [0083.733] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea490 | out: hHeap=0x4b0000) returned 1 [0083.733] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f468, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0083.733] GetProcessHeap () returned 0x4b0000 [0083.733] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f378 | out: hHeap=0x4b0000) returned 1 [0083.733] GetProcessHeap () returned 0x4b0000 [0083.733] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f7d8 | out: hHeap=0x4b0000) returned 1 [0083.734] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0083.734] GetProcessHeap () returned 0x4b0000 [0083.734] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f468 | out: hHeap=0x4b0000) returned 1 [0083.734] GetProcessHeap () returned 0x4b0000 [0083.734] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a9328 [0083.734] GetProcessHeap () returned 0x4b0000 [0083.734] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a9250 [0083.734] GetProcessHeap () returned 0x4b0000 [0083.734] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a9250, Size=0x72) returned 0x4e6db8 [0083.734] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0083.734] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x2bc [0083.734] WaitForSingleObject (hHandle=0x2bc, dwMilliseconds=0x0) returned 0x0 [0083.734] GetProcessHeap () returned 0x4b0000 [0083.734] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a9328 | out: hHeap=0x4b0000) returned 1 [0083.734] GetProcessHeap () returned 0x4b0000 [0083.734] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e6db8 | out: hHeap=0x4b0000) returned 1 [0083.734] ReleaseMutex (hMutex=0x2bc) returned 1 [0083.734] CloseHandle (hObject=0x2bc) returned 1 [0083.734] Sleep (dwMilliseconds=0x3e8) [0084.884] GetProcessHeap () returned 0x4b0000 [0084.884] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f530 [0084.884] GetProcessHeap () returned 0x4b0000 [0084.884] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f6c0 [0084.884] GetProcessHeap () returned 0x4b0000 [0084.884] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f800 [0084.884] GetProcessHeap () returned 0x4b0000 [0084.884] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4eaa80 [0084.884] GetProcessHeap () returned 0x4b0000 [0084.884] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eaa80 | out: hHeap=0x4b0000) returned 1 [0084.884] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f6c0, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0084.884] GetProcessHeap () returned 0x4b0000 [0084.884] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f800 | out: hHeap=0x4b0000) returned 1 [0084.885] GetProcessHeap () returned 0x4b0000 [0084.885] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f530 | out: hHeap=0x4b0000) returned 1 [0084.885] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0084.885] GetProcessHeap () returned 0x4b0000 [0084.885] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f6c0 | out: hHeap=0x4b0000) returned 1 [0084.885] GetProcessHeap () returned 0x4b0000 [0084.885] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a9178 [0084.885] GetProcessHeap () returned 0x4b0000 [0084.885] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a94d8 [0084.885] GetProcessHeap () returned 0x4b0000 [0084.885] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a94d8, Size=0x72) returned 0x4e77b8 [0084.885] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0084.885] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x35c [0084.885] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0x0) returned 0x0 [0084.885] GetProcessHeap () returned 0x4b0000 [0084.885] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a9178 | out: hHeap=0x4b0000) returned 1 [0084.885] GetProcessHeap () returned 0x4b0000 [0084.885] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e77b8 | out: hHeap=0x4b0000) returned 1 [0084.885] ReleaseMutex (hMutex=0x35c) returned 1 [0084.885] CloseHandle (hObject=0x35c) returned 1 [0084.885] Sleep (dwMilliseconds=0x3e8) [0086.111] GetProcessHeap () returned 0x4b0000 [0086.111] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f490 [0086.111] GetProcessHeap () returned 0x4b0000 [0086.111] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f468 [0086.111] GetProcessHeap () returned 0x4b0000 [0086.111] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f418 [0086.111] GetProcessHeap () returned 0x4b0000 [0086.111] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4eae10 [0086.111] GetProcessHeap () returned 0x4b0000 [0086.111] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eae10 | out: hHeap=0x4b0000) returned 1 [0086.111] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f468, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0086.111] GetProcessHeap () returned 0x4b0000 [0086.111] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f418 | out: hHeap=0x4b0000) returned 1 [0086.111] GetProcessHeap () returned 0x4b0000 [0086.111] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f490 | out: hHeap=0x4b0000) returned 1 [0086.111] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0086.112] GetProcessHeap () returned 0x4b0000 [0086.112] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f468 | out: hHeap=0x4b0000) returned 1 [0086.112] GetProcessHeap () returned 0x4b0000 [0086.112] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a9640 [0086.112] GetProcessHeap () returned 0x4b0000 [0086.112] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a96d0 [0086.112] GetProcessHeap () returned 0x4b0000 [0086.112] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a96d0, Size=0x72) returned 0x4e6c38 [0086.112] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0086.112] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x35c [0086.112] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0x0) returned 0x0 [0086.112] GetProcessHeap () returned 0x4b0000 [0086.112] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a9640 | out: hHeap=0x4b0000) returned 1 [0086.112] GetProcessHeap () returned 0x4b0000 [0086.112] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e6c38 | out: hHeap=0x4b0000) returned 1 [0086.112] ReleaseMutex (hMutex=0x35c) returned 1 [0086.112] CloseHandle (hObject=0x35c) returned 1 [0086.112] Sleep (dwMilliseconds=0x3e8) [0087.281] GetProcessHeap () returned 0x4b0000 [0087.281] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x56f508 [0087.281] GetProcessHeap () returned 0x4b0000 [0087.281] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x56f698 [0087.281] GetProcessHeap () returned 0x4b0000 [0087.288] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x56f418 [0087.288] GetProcessHeap () returned 0x4b0000 [0087.288] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea528 [0087.288] GetProcessHeap () returned 0x4b0000 [0087.288] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea528 | out: hHeap=0x4b0000) returned 1 [0087.288] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x56f698, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0087.288] GetProcessHeap () returned 0x4b0000 [0087.288] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f418 | out: hHeap=0x4b0000) returned 1 [0087.288] GetProcessHeap () returned 0x4b0000 [0087.288] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f508 | out: hHeap=0x4b0000) returned 1 [0087.289] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x1ffb50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ffb50*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0087.289] GetProcessHeap () returned 0x4b0000 [0087.289] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x56f698 | out: hHeap=0x4b0000) returned 1 [0087.289] GetProcessHeap () returned 0x4b0000 [0087.289] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x5a9688 [0087.289] GetProcessHeap () returned 0x4b0000 [0087.289] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x5a9760 [0087.289] GetProcessHeap () returned 0x4b0000 [0087.289] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x5a9760, Size=0x72) returned 0x4e69b8 [0087.289] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\<>B419773000000000") returned 0x0 [0087.289] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\<>B419773000000000") returned 0x328 [0087.289] WaitForSingleObject (hHandle=0x328, dwMilliseconds=0x0) returned 0x0 [0087.289] GetProcessHeap () returned 0x4b0000 [0087.289] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x5a9688 | out: hHeap=0x4b0000) returned 1 [0087.289] GetProcessHeap () returned 0x4b0000 [0087.289] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4e69b8 | out: hHeap=0x4b0000) returned 1 [0087.289] ReleaseMutex (hMutex=0x328) returned 1 [0087.289] CloseHandle (hObject=0x328) returned 1 [0087.289] Sleep (dwMilliseconds=0x3e8) Thread: id = 10 os_tid = 0x714 [0052.380] GetProcessHeap () returned 0x4b0000 [0052.380] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x440) returned 0x4d4928 [0052.380] GetProcessHeap () returned 0x4b0000 [0052.380] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x434) returned 0x4d4d70 [0052.380] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x24c [0052.392] Process32FirstW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0052.393] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0052.394] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0052.394] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0052.395] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0052.395] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0052.396] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0052.396] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0052.397] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0052.397] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0052.398] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0052.398] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0052.399] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0052.399] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0052.399] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x62, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0052.400] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0052.400] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0052.401] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0052.401] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0052.402] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0052.402] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0052.403] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0052.403] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0052.404] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0052.404] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0052.405] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0052.405] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0052.406] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0052.406] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0052.407] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0052.407] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0052.407] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0052.408] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3c, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0052.409] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0052.409] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0052.410] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0052.410] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0052.410] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0052.411] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0052.411] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0052.412] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0052.412] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0052.413] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0052.413] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0052.438] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0052.469] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0052.469] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0052.470] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0052.470] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0052.471] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0052.471] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0052.472] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0052.472] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0052.473] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0052.473] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0052.474] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0052.474] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0052.475] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0052.475] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0052.476] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0052.477] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0052.477] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0052.478] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0052.479] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0052.479] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0052.480] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0052.480] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0052.481] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0052.482] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0052.482] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0052.483] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0052.484] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0052.484] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0052.485] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0052.485] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0052.486] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfb8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0052.486] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0052.488] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0052.488] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0052.489] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0052.489] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0052.490] Process32NextW (in: hSnapshot=0x24c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0052.490] CloseHandle (hObject=0x24c) returned 1 [0052.490] Sleep (dwMilliseconds=0x1f4) [0053.003] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2b8 [0053.012] Process32FirstW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0053.013] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0053.013] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0053.014] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0053.014] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0053.015] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0053.015] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0053.016] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0053.016] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0053.017] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.017] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0053.018] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0053.018] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.019] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0053.019] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x62, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.020] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.020] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.021] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.021] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.022] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.022] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.023] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.023] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.023] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0053.024] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.024] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.025] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0053.025] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0053.026] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.026] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0053.027] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0053.027] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0053.028] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3c, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0053.028] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0053.029] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0053.029] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0053.030] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0053.030] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0053.031] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0053.031] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0053.031] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0053.032] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0053.032] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0053.033] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0053.033] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0053.034] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0053.035] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0053.035] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0053.036] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0053.036] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0053.036] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0053.037] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0053.037] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0053.038] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0053.120] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0053.161] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0053.161] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0053.162] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0053.162] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0053.163] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0053.164] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0053.164] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0053.165] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0053.165] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0053.166] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0053.167] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0053.167] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0053.168] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0053.169] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0053.169] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0053.170] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0053.170] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0053.171] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0053.171] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0053.172] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0053.172] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfb8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0053.173] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.174] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0053.174] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0053.175] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0053.175] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.176] Process32NextW (in: hSnapshot=0x2b8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0053.176] CloseHandle (hObject=0x2b8) returned 1 [0053.176] Sleep (dwMilliseconds=0x1f4) [0053.940] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2a8 [0053.949] Process32FirstW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0053.950] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0053.951] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0053.951] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0053.952] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0053.952] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0053.953] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0053.953] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0053.953] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0053.954] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.954] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0053.955] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0053.955] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.956] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0053.956] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x62, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.957] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.957] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.958] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.958] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.959] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.959] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.960] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.960] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.961] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0053.961] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.962] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.962] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0053.962] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0053.963] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0053.964] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0053.964] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0053.964] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0053.965] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3c, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0053.965] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0053.966] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0053.966] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0053.967] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0053.967] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0053.968] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0053.968] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0053.969] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0053.969] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0053.970] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0053.970] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0053.971] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0053.971] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0053.972] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0054.424] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0054.424] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0054.425] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0054.425] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0054.426] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0054.427] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0054.427] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0054.428] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0054.428] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0054.429] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0054.429] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0054.430] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0054.430] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0054.431] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0054.432] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0054.432] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0054.433] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0054.433] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0054.434] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0054.435] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0054.435] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0054.436] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0054.437] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0054.437] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0054.438] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0054.438] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0054.439] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0054.439] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0054.440] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfb8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0054.441] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0054.441] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0054.442] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0054.442] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0054.443] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0054.445] Process32NextW (in: hSnapshot=0x2a8, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0054.446] CloseHandle (hObject=0x2a8) returned 1 [0054.446] Sleep (dwMilliseconds=0x1f4) [0055.199] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x348 [0055.206] Process32FirstW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0055.207] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0055.207] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0055.208] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0055.208] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0055.209] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0055.209] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0055.210] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0055.210] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0055.211] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.211] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0055.212] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0055.212] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.213] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0055.213] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x62, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.214] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.214] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.215] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.215] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.216] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.216] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.217] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.217] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.217] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0055.218] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.218] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.219] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0055.219] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0055.220] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.220] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0055.221] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0055.222] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0055.223] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3c, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0055.223] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0055.224] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0055.224] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0055.225] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0055.225] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0055.226] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0055.226] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0055.227] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0055.227] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0055.228] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0055.228] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0055.228] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0055.229] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0055.230] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0055.230] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0055.230] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0055.231] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0055.231] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0055.232] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0055.232] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0055.233] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0055.476] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0055.476] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0055.477] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0055.477] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0055.478] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0055.479] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0055.479] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0055.480] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0055.480] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0055.481] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0055.482] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0055.482] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0055.483] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0055.484] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0055.484] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0055.485] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0055.485] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0055.486] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0055.486] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0055.488] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0055.488] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfb8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0055.489] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.489] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0055.490] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0055.490] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0055.491] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0055.491] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0055.492] CloseHandle (hObject=0x348) returned 1 [0055.492] Sleep (dwMilliseconds=0x1f4) [0056.163] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x348 [0056.171] Process32FirstW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0056.171] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0056.171] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0056.172] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0056.172] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0056.173] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0056.173] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0056.174] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0056.176] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0056.176] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.177] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0056.177] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0056.177] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.178] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0056.178] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x61, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.179] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.179] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.180] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.180] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.181] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.181] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.182] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.182] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.183] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0056.183] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.184] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.184] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0056.185] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0056.185] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.186] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0056.186] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0056.187] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0056.187] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3c, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0056.188] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0056.188] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0056.189] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0056.189] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0056.190] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0056.190] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0056.191] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0056.192] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0056.192] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0056.193] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0056.193] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0056.194] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0056.194] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0056.194] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0056.195] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0056.195] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0056.196] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0056.196] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0056.197] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0056.197] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0056.198] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0056.198] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0056.199] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0056.199] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0056.200] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0056.200] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0056.201] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0056.202] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0056.202] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0056.203] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0056.204] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0056.204] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0056.205] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0056.338] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0056.338] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0056.339] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0056.340] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0056.340] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0056.341] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0056.341] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0056.342] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0056.343] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfb8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0056.343] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.344] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0056.344] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0056.345] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0056.345] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.346] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0056.346] CloseHandle (hObject=0x348) returned 1 [0056.346] Sleep (dwMilliseconds=0x1f4) [0056.929] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x35c [0056.936] Process32FirstW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0056.937] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0056.937] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0056.938] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0056.938] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0056.939] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0056.939] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0056.940] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0056.940] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0056.941] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.942] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0056.942] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0056.943] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.943] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0056.944] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x61, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.944] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.945] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.945] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.946] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.946] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.947] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.947] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.948] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.948] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0056.949] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.949] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.950] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0056.950] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0056.951] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0056.951] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0056.952] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0056.952] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0056.953] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3c, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0056.953] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0056.954] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0056.954] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0056.955] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0056.955] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0056.956] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0056.956] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0056.957] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0056.957] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0056.958] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0056.959] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0056.959] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0056.960] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0056.960] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0056.961] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0056.961] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0056.962] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0056.962] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0056.963] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0056.963] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0056.964] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0056.964] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0056.965] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0056.965] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0056.966] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0056.966] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0056.967] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0056.967] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0056.968] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0056.969] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0056.969] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0056.970] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0056.970] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0056.971] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0056.972] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0056.972] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0057.017] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0057.017] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0057.018] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0057.018] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0057.019] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfb8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0057.020] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.021] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0057.021] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0057.022] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0057.022] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.023] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0057.023] CloseHandle (hObject=0x35c) returned 1 [0057.023] Sleep (dwMilliseconds=0x1f4) [0057.588] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x360 [0057.594] Process32FirstW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0057.594] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0057.595] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0057.595] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0057.596] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0057.596] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0057.597] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0057.597] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0057.598] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0057.598] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.599] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0057.599] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0057.600] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.600] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0057.601] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x61, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.601] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.602] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.602] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.603] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.603] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.604] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.604] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.605] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.605] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0057.606] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.606] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.607] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0057.607] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0057.608] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.608] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0057.609] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0057.609] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0057.610] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3c, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0057.610] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0057.611] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0057.611] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0057.612] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0057.612] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0057.613] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0057.613] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0057.614] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0057.614] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0057.615] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0057.615] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0057.616] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0057.616] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0057.617] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0057.617] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0057.618] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0057.618] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0057.619] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0057.619] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0057.619] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0057.620] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0057.620] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0057.621] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0057.621] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0057.622] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0057.622] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0057.623] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0057.623] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0057.624] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0057.625] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0057.625] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0057.626] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0057.626] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0057.627] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0057.628] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0057.628] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0057.629] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0057.682] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0057.683] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0057.683] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0057.684] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfb8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0057.684] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.685] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0057.685] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0057.686] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0057.686] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0057.687] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0057.687] CloseHandle (hObject=0x360) returned 1 [0057.687] Sleep (dwMilliseconds=0x1f4) [0058.217] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x30c [0058.252] Process32FirstW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0058.252] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0058.252] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0058.253] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0058.253] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0058.254] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0058.255] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0058.255] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0058.255] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0058.256] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.256] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0058.257] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0058.257] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.258] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0058.258] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x61, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.259] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.259] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.260] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.260] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.260] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.261] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.261] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.262] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.262] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0058.263] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.263] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.264] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0058.264] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0058.265] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.265] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0058.265] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0058.266] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0058.266] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3b, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0058.267] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0058.267] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0058.268] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0058.268] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0058.269] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0058.269] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0058.270] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0058.271] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0058.272] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0058.272] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0058.273] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0058.274] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0058.275] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0058.275] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0058.276] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0058.277] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0058.277] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0058.278] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0058.278] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0058.279] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0058.279] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0058.280] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0058.302] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0058.319] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0058.331] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0058.331] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0058.332] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0058.332] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0058.333] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0058.334] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0058.334] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0058.335] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0058.336] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0058.336] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0058.337] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0058.337] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0058.338] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0058.338] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0058.339] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0058.339] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0058.340] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfb8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0058.341] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.341] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0058.342] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0058.342] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0058.343] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.343] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0058.344] CloseHandle (hObject=0x30c) returned 1 [0058.344] Sleep (dwMilliseconds=0x1f4) [0058.892] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x34c [0058.898] Process32FirstW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0058.898] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0058.899] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0058.899] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0058.900] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0058.900] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0058.901] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0058.901] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0058.902] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0058.902] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.903] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0058.903] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0058.904] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.905] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0058.905] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x61, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.906] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.906] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.907] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.907] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.908] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.908] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.908] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.909] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.909] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0058.910] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.910] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.911] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0058.911] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0058.912] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0058.912] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0058.913] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0058.913] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0058.914] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3b, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0058.914] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0058.914] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0058.915] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0058.916] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0058.916] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0058.917] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0058.917] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0058.918] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0058.918] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0058.919] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0058.919] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0058.920] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0058.920] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0058.920] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0058.921] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0058.921] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0058.922] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0058.922] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0058.923] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0058.923] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0058.924] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0058.924] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0058.925] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0058.925] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0058.926] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0058.926] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0058.927] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0058.928] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0058.928] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0058.929] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0058.930] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0058.930] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0059.007] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0059.007] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0059.008] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0059.008] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0059.009] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0059.010] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0059.010] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0059.011] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0059.012] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfb8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0059.012] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.013] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0059.013] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0059.014] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0059.014] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.015] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0059.016] CloseHandle (hObject=0x34c) returned 1 [0059.016] Sleep (dwMilliseconds=0x1f4) [0059.592] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x30c [0059.599] Process32FirstW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0059.599] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0059.600] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0059.600] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0059.601] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0059.601] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0059.602] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0059.602] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0059.603] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0059.603] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.604] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0059.604] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0059.605] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.605] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0059.606] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x61, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.606] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.607] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.607] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.608] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.608] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.608] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.609] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.609] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.610] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0059.610] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.611] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.611] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0059.612] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0059.612] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.613] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0059.613] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0059.614] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0059.614] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3b, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0059.614] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0059.615] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0059.615] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0059.616] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0059.616] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0059.617] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0059.617] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0059.618] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0059.618] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0059.619] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0059.619] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0059.620] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0059.620] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0059.621] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0059.621] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0059.622] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0059.622] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0059.623] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0059.623] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0059.624] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0059.624] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0059.624] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0059.625] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0059.625] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0059.626] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0059.626] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0059.627] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0059.628] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0059.628] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0059.629] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0059.629] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0059.630] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0059.631] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0059.631] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0059.632] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0059.632] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0059.633] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0059.634] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0059.653] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0059.666] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0059.685] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfb8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0059.686] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.686] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0059.687] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0059.687] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0059.688] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0059.688] Process32NextW (in: hSnapshot=0x30c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0059.689] CloseHandle (hObject=0x30c) returned 1 [0059.689] Sleep (dwMilliseconds=0x1f4) [0060.257] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x34c [0060.263] Process32FirstW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0060.263] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0060.264] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0060.264] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0060.265] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0060.265] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0060.266] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0060.266] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0060.267] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0060.267] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.267] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0060.268] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0060.268] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.269] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0060.269] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x61, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.270] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.270] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.271] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.271] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.272] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.272] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.273] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.273] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.273] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0060.274] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.276] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.276] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0060.277] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0060.277] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.277] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0060.278] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0060.278] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0060.279] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3a, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0060.279] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0060.280] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0060.280] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0060.281] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0060.281] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0060.282] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0060.282] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0060.283] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0060.283] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0060.283] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0060.284] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0060.284] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0060.285] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0060.285] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0060.286] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0060.286] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0060.287] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0060.287] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0060.288] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0060.288] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0060.289] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0060.289] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0060.289] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0060.307] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0060.341] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0060.341] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0060.342] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0060.343] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0060.343] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0060.344] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0060.344] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0060.345] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0060.346] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0060.347] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0060.347] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0060.348] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0060.349] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0060.349] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0060.350] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0060.350] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0060.351] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfb8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0060.351] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.352] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0060.353] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0060.353] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0060.354] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.354] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0060.355] CloseHandle (hObject=0x34c) returned 1 [0060.355] Sleep (dwMilliseconds=0x1f4) [0060.872] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x378 [0060.877] Process32FirstW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0060.877] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0060.878] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0060.878] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0060.879] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0060.879] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0060.879] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0060.880] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0060.880] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0060.881] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.881] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0060.882] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0060.882] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.883] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0060.883] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x60, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.884] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.884] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.885] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.885] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.886] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.886] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.887] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.887] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.888] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0060.888] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.889] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.889] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0060.890] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0060.890] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.891] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0060.891] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0060.892] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0060.892] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3a, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0060.892] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0060.893] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0060.893] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0060.894] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0060.894] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0060.895] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0060.895] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0060.896] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0060.896] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0060.897] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0060.897] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0060.897] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0060.898] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0060.898] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0060.899] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0060.899] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0060.900] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0060.900] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0060.901] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0060.901] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0060.902] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0060.902] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0060.903] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0060.903] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0060.904] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0060.904] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0060.905] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0060.905] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0060.906] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0060.907] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0060.908] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0060.908] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0060.909] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0060.909] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0060.910] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0060.910] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0060.911] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0060.912] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0060.912] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0060.913] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0060.913] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfb8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0060.914] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.914] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0060.915] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0060.961] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0060.962] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0060.962] Process32NextW (in: hSnapshot=0x378, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0060.963] CloseHandle (hObject=0x378) returned 1 [0060.963] Sleep (dwMilliseconds=0x1f4) [0061.497] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x35c [0061.503] Process32FirstW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0061.503] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0061.503] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0061.504] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0061.504] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0061.505] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0061.506] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0061.506] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0061.507] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0061.507] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0061.508] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0061.508] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0061.509] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0061.509] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0061.510] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0061.510] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0061.511] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0061.511] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0061.512] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0061.512] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0061.513] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0061.513] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0061.514] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0061.514] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0061.515] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0061.515] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0061.515] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0061.516] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0061.516] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0061.517] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0061.517] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0061.518] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0061.518] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3a, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0061.519] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0061.519] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0061.520] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0061.520] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0061.521] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0061.521] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0061.522] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0061.522] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0061.522] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0061.523] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0061.523] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0061.524] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0061.524] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0061.525] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0061.525] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0061.526] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0061.526] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0061.527] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0061.527] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0061.528] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0061.528] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0061.529] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0061.529] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0061.529] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0061.530] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0061.530] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0061.531] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0061.532] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0061.532] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0061.533] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0061.533] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0061.534] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0061.535] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0061.535] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0061.536] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0061.536] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0061.537] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0061.538] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0061.538] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0061.539] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0061.539] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfb8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0061.540] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0061.580] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0061.581] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0061.581] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0061.582] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0061.582] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0061.583] CloseHandle (hObject=0x35c) returned 1 [0061.583] Sleep (dwMilliseconds=0x1f4) [0062.119] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x358 [0062.125] Process32FirstW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0062.126] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0062.126] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0062.127] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0062.127] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0062.127] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0062.128] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0062.128] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0062.129] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0062.129] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.130] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0062.130] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0062.131] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.131] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0062.132] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.132] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.133] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.133] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.133] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.134] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.134] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.135] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.135] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.136] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0062.136] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.137] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.137] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0062.137] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0062.138] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.138] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0062.139] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0062.139] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0062.140] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3a, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0062.140] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0062.141] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0062.141] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0062.142] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0062.142] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0062.143] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0062.143] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0062.144] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0062.144] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0062.144] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0062.145] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0062.145] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0062.146] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0062.146] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0062.147] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0062.147] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0062.148] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0062.148] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0062.149] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0062.149] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0062.149] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0062.150] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0062.150] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0062.151] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0062.151] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0062.152] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0062.152] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0062.153] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0062.154] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0062.154] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0062.155] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0062.155] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0062.196] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0062.197] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0062.198] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0062.198] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0062.199] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0062.199] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0062.200] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0062.200] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.201] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0062.201] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0062.202] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0062.203] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.203] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0062.204] CloseHandle (hObject=0x358) returned 1 [0062.204] Sleep (dwMilliseconds=0x1f4) [0062.744] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x360 [0062.774] Process32FirstW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0062.774] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0062.775] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0062.775] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0062.776] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0062.776] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0062.776] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0062.777] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0062.777] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0062.778] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.778] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0062.779] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0062.779] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.780] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0062.780] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.781] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.781] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.782] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.782] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.783] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.783] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.784] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.784] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.785] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0062.785] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.786] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.786] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0062.787] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0062.787] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.788] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0062.788] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0062.788] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0062.789] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x39, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0062.789] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0062.790] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0062.790] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0062.791] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0062.791] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0062.792] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0062.792] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0062.793] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0062.794] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0062.794] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0062.795] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0062.795] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0062.796] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0062.796] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0062.797] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0062.797] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0062.797] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0062.798] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0062.798] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0062.799] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0062.799] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0062.800] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0062.800] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0062.801] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0062.801] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0062.802] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0062.802] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0062.803] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0062.803] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0062.804] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0062.805] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0062.805] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0062.806] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0062.807] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0062.807] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0062.808] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0062.808] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0062.809] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0062.809] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0062.810] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.811] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0062.811] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0062.812] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0062.885] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0062.885] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0062.886] CloseHandle (hObject=0x360) returned 1 [0062.886] Sleep (dwMilliseconds=0x1f4) [0063.436] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x358 [0063.442] Process32FirstW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0063.442] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0063.443] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0063.443] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0063.444] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0063.444] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0063.445] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0063.445] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0063.446] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0063.446] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.446] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0063.447] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0063.447] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.448] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0063.448] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.449] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.449] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.450] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.450] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.451] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.451] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.451] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.452] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.453] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0063.453] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.454] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.454] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0063.455] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0063.455] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.455] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0063.456] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0063.456] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0063.457] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x39, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0063.457] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0063.458] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0063.458] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0063.459] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0063.459] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0063.460] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0063.460] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0063.461] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0063.461] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0063.461] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0063.462] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0063.462] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0063.463] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0063.463] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0063.464] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0063.464] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0063.465] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0063.465] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0063.466] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0063.466] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0063.466] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0063.467] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0063.467] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0063.468] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0063.468] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0063.469] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0063.469] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0063.470] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0063.471] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0063.471] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0063.472] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0063.472] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0063.473] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0063.474] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0063.474] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0063.475] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0063.475] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0063.476] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0063.477] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0063.477] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.478] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0063.478] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0063.479] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0063.479] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.480] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0063.480] CloseHandle (hObject=0x358) returned 1 [0063.480] Sleep (dwMilliseconds=0x1f4) [0064.047] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x360 [0064.052] Process32FirstW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0064.053] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0064.053] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0064.054] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0064.054] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0064.055] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0064.055] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0064.056] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0064.056] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0064.057] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0064.057] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0064.057] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0064.058] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0064.058] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0064.059] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0064.059] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0064.060] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0064.060] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0064.061] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0064.061] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0064.062] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0064.062] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0064.063] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0064.063] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0064.064] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0064.064] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0064.064] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0064.065] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0064.065] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0064.066] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0064.066] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0064.067] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0064.067] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x39, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0064.068] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0064.068] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0064.069] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0064.069] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0064.070] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0064.070] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0064.070] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0064.071] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0064.071] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0064.072] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0064.072] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0064.073] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0064.073] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0064.074] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0064.074] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0064.075] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0064.075] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0064.076] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0064.076] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0064.077] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0064.077] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0064.459] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0064.460] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0064.460] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0064.461] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0064.461] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0064.462] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0064.462] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0064.463] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0064.463] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0064.464] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0064.465] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0064.465] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0064.466] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0064.467] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0064.467] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0064.468] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0064.728] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0064.746] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0064.748] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0064.759] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0064.760] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0064.761] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0064.761] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0064.762] Process32NextW (in: hSnapshot=0x360, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0064.762] CloseHandle (hObject=0x360) returned 1 [0064.762] Sleep (dwMilliseconds=0x1f4) [0065.455] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x348 [0065.474] Process32FirstW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0065.475] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0065.475] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0065.476] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0065.476] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0065.477] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0065.477] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0065.478] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0065.478] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0065.478] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0065.479] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0065.479] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0065.480] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0065.480] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0065.481] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0065.481] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0065.482] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0065.482] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0065.483] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0065.483] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0065.484] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0065.484] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0065.485] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0065.485] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0065.486] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0065.486] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0065.486] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0065.487] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0065.487] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0065.488] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0065.488] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0065.489] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0065.489] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x39, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0065.490] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0065.490] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0065.491] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0065.491] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0065.492] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0065.492] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0065.492] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0065.493] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0065.493] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0065.494] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0065.494] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0065.495] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0065.495] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0065.496] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0065.496] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0065.497] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0065.497] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0065.498] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0065.498] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0065.498] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0065.499] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0065.704] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0065.704] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0065.705] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0065.705] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0065.706] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0065.706] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0065.707] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0065.707] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0065.708] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0065.709] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0065.709] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0065.710] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0065.710] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0065.711] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0065.712] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0065.712] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0065.713] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0065.713] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0065.714] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0065.714] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0065.715] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0065.715] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0065.716] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0065.717] Process32NextW (in: hSnapshot=0x348, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0065.717] CloseHandle (hObject=0x348) returned 1 [0065.717] Sleep (dwMilliseconds=0x1f4) [0066.333] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x358 [0066.338] Process32FirstW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0066.338] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0066.339] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0066.339] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0066.340] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0066.340] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0066.341] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0066.341] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0066.342] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0066.342] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.342] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0066.343] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0066.344] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.344] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0066.345] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.345] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.346] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.346] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.346] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.347] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.347] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.348] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.348] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.349] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0066.349] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.350] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.350] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0066.351] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0066.351] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.351] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0066.352] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0066.352] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0066.353] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x39, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0066.353] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0066.354] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0066.354] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0066.355] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0066.355] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0066.356] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0066.356] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0066.356] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0066.357] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0066.357] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0066.358] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0066.358] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0066.360] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0066.360] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0066.361] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0066.361] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0066.361] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0066.362] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0066.362] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0066.363] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0066.363] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0066.364] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0066.364] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0066.365] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0066.365] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0066.366] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0066.366] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0066.367] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0066.368] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0066.368] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0066.369] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0066.369] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0066.370] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0066.371] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0066.371] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0066.372] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0066.372] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0066.373] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0066.373] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0066.374] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.976] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0066.976] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0066.977] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0066.977] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.978] Process32NextW (in: hSnapshot=0x358, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0066.979] CloseHandle (hObject=0x358) returned 1 [0066.979] Sleep (dwMilliseconds=0x1f4) [0067.635] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x36c [0067.641] Process32FirstW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0067.642] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0067.642] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0067.643] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0067.644] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0067.644] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0067.645] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0067.645] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0067.646] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0067.646] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0067.647] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0067.647] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0067.648] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0067.648] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0067.649] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0067.649] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0067.650] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0067.650] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0067.651] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0067.651] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0067.652] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0067.652] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0067.653] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0067.654] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0067.655] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0067.655] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0067.656] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0067.656] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0067.657] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0067.657] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0067.658] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0067.658] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0067.659] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x39, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0067.659] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0067.660] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0067.660] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0067.660] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0067.661] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0067.661] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0067.662] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0067.662] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0067.663] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0067.663] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0067.664] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0067.664] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0067.665] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0067.665] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0067.666] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0067.666] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0067.667] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0067.667] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0067.668] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0067.668] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0067.669] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0067.669] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0067.990] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0067.991] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0067.991] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0067.992] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0067.992] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0067.993] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0067.993] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0067.994] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0067.995] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0067.995] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0067.996] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0067.997] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0067.997] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0067.998] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0067.999] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0067.999] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0068.000] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0068.000] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0068.001] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0068.002] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0068.002] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0068.003] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0068.003] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0068.004] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0068.004] Process32NextW (in: hSnapshot=0x36c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 0 [0068.005] CloseHandle (hObject=0x36c) returned 1 [0068.005] Sleep (dwMilliseconds=0x1f4) [0068.778] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x34c [0068.950] Process32FirstW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0068.951] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0068.952] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0068.952] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0068.953] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0068.953] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0068.954] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0068.954] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0068.955] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0068.955] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0068.955] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0068.956] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0068.956] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0068.957] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0068.957] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0068.958] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0068.958] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0068.959] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0068.959] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0068.960] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0068.960] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0068.961] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0068.961] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0068.961] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0068.962] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0068.962] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0068.963] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0068.963] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0068.964] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0068.964] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0068.965] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0068.965] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0068.966] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x39, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0068.966] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0068.967] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0068.968] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0068.968] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0068.968] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0068.969] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0068.969] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0068.970] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0068.970] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0068.971] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0068.971] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0068.972] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0068.972] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0068.973] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0068.973] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0068.974] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0068.974] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0068.974] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0068.975] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0068.975] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0068.976] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0068.976] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0068.977] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0068.977] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0068.978] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0068.978] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0068.979] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0068.979] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0068.980] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0068.981] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0068.981] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0068.982] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0069.130] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0069.131] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0069.132] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0069.132] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0069.133] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0069.133] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0069.134] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0069.134] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.135] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0069.136] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0069.136] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0069.137] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.137] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0069.138] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0069.138] Process32NextW (in: hSnapshot=0x34c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 0 [0069.139] CloseHandle (hObject=0x34c) returned 1 [0069.139] Sleep (dwMilliseconds=0x1f4) [0069.763] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x288 [0069.768] Process32FirstW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0069.769] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0069.769] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0069.770] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0069.770] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0069.771] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0069.771] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0069.771] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0069.772] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0069.772] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.773] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0069.773] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0069.774] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.774] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0069.775] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.775] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.776] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.776] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.777] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.777] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.777] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.778] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.778] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.779] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0069.779] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.780] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.780] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0069.781] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0069.781] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.782] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0069.782] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0069.783] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0069.783] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x39, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0069.784] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0069.784] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0069.784] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0069.785] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0069.785] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0069.786] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0069.786] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0069.787] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0069.787] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0069.788] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0069.788] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0069.789] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0069.789] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0069.790] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0069.790] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0069.791] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0069.791] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0069.791] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0069.792] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0069.792] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0069.793] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0069.793] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0069.794] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0069.794] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0070.061] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0070.062] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0070.062] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0070.063] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0070.064] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0070.064] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0070.065] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0070.066] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0070.066] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0070.067] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0070.067] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0070.068] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0070.069] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0070.069] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0070.070] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0070.070] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0070.071] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0070.071] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0070.072] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0070.072] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0070.073] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0070.073] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0070.074] Process32NextW (in: hSnapshot=0x288, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 0 [0070.074] CloseHandle (hObject=0x288) returned 1 [0070.074] Sleep (dwMilliseconds=0x1f4) [0070.839] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x308 [0070.845] Process32FirstW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0070.845] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0070.846] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0070.846] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0070.847] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0070.847] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0070.848] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0070.848] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0070.849] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0070.849] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0070.850] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0070.850] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0070.851] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0070.851] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0070.851] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5f, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0070.852] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0070.852] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0070.853] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0070.853] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0070.854] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0070.854] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0070.855] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0070.855] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0070.856] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0070.856] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0070.857] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0070.857] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0070.858] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0070.858] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0070.859] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0070.859] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0070.860] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0070.860] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x39, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0070.861] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0070.861] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0070.861] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0070.862] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0070.862] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0070.863] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0070.863] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0070.864] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0070.864] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0070.865] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0070.865] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0070.866] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0070.866] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0070.867] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0070.867] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0070.868] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0070.868] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0070.868] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0070.869] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0070.869] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0070.870] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0070.870] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0070.871] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0070.871] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0070.872] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0070.872] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0071.061] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0071.062] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0071.063] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0071.063] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0071.064] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0071.065] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0071.065] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0071.066] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0071.067] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0071.067] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0071.068] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0071.068] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0071.069] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0071.069] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.070] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0071.071] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0071.071] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0071.072] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.072] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0071.073] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0071.073] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0071.074] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 0 [0071.074] CloseHandle (hObject=0x308) returned 1 [0071.074] Sleep (dwMilliseconds=0x1f4) [0071.796] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2bc [0071.803] Process32FirstW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0071.803] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0071.804] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0071.804] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0071.805] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0071.805] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0071.806] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0071.806] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0071.807] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0071.807] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.808] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0071.808] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0071.809] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.809] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0071.810] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.811] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.811] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.812] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.812] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.813] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.813] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.814] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.814] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.815] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0071.815] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.816] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.816] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0071.817] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0071.817] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.817] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0071.818] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0071.818] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0071.819] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x39, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0071.819] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0071.820] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0071.820] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0071.821] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0071.821] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0071.822] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0071.822] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0071.823] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0071.823] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0071.824] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0071.824] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0071.825] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0071.825] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0071.826] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0071.827] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0071.827] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0071.828] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0071.828] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0071.829] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0071.829] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0071.830] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0071.830] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0071.831] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0071.831] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0071.832] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0071.832] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0071.833] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0071.833] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0071.834] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0071.835] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0071.835] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0071.836] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0071.837] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0071.837] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0071.838] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0071.839] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0071.839] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0071.840] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0071.840] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0071.841] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.166] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0072.166] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0072.167] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0072.167] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.168] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0072.168] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0072.169] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0072.169] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 0 [0072.170] CloseHandle (hObject=0x2bc) returned 1 [0072.170] Sleep (dwMilliseconds=0x1f4) [0072.797] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x368 [0072.815] Process32FirstW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0072.816] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0072.816] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0072.817] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0072.817] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0072.818] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0072.818] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0072.819] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0072.819] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0072.820] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.820] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0072.821] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0072.821] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.822] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0072.822] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5f, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.823] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.823] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.824] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.824] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.825] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.825] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.826] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.826] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.827] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0072.827] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.828] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.828] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0072.829] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0072.829] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.830] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0072.830] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0072.831] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0072.831] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x39, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0072.832] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0072.832] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0072.833] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0072.833] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0072.834] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0072.834] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0072.835] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0072.836] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0072.836] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0072.837] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0072.837] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0072.838] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0072.838] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0072.839] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0072.839] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0072.840] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0072.840] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0072.841] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0072.841] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0072.842] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0072.842] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0072.843] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0072.843] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0072.844] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0072.845] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0072.845] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0072.846] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0072.847] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0072.847] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0072.848] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0072.849] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0072.849] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0072.850] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0072.851] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0072.851] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0072.852] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0072.853] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0073.091] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0073.100] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0073.100] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0073.101] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0073.101] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0073.102] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0073.102] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0073.105] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0073.105] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0073.106] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0073.106] Process32NextW (in: hSnapshot=0x368, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 0 [0073.107] CloseHandle (hObject=0x368) returned 1 [0073.107] Sleep (dwMilliseconds=0x1f4) [0074.488] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x330 [0074.493] Process32FirstW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0074.496] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0074.497] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0074.497] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0074.498] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0074.498] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0074.499] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0074.499] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0074.500] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0074.500] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0074.501] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0074.501] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0074.502] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0074.502] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0074.503] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5f, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0074.503] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0074.503] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0074.504] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0074.504] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0074.505] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0074.505] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0074.506] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0074.506] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0074.507] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0074.507] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0074.508] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0074.508] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0074.509] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0074.512] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0074.513] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0074.513] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0074.514] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0074.514] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x42, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0074.515] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0074.515] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0074.516] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0074.516] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0074.516] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0074.517] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0074.517] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0074.518] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0074.518] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0074.519] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0074.519] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0074.520] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0074.520] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0074.521] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0074.521] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0074.522] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0074.522] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0074.522] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0074.523] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0074.523] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0074.524] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0074.524] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0074.527] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0074.528] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0074.528] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0074.529] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0074.529] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0074.530] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0074.531] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0074.531] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0074.532] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0074.532] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0074.533] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0074.534] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0074.534] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0074.535] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0074.535] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0074.536] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0074.536] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0074.537] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0074.538] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0074.538] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0074.539] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0074.539] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0074.540] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0075.245] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0075.245] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 0 [0075.246] CloseHandle (hObject=0x330) returned 1 [0075.246] Sleep (dwMilliseconds=0x1f4) [0076.119] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x330 [0076.123] Process32FirstW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0076.124] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0076.124] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0076.125] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0076.125] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0076.126] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0076.126] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0076.126] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0076.127] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0076.127] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0076.128] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0076.128] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0076.129] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0076.129] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0076.130] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x60, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0076.130] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0076.131] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0076.131] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0076.132] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0076.132] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0076.133] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0076.133] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0076.134] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0076.134] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0076.135] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0076.135] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0076.136] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0076.137] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0076.137] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0076.138] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0076.139] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0076.139] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0076.140] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x41, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0076.140] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0076.141] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0076.142] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0076.143] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0076.143] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0076.144] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0076.144] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0076.145] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0076.145] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0076.146] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0076.147] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0076.147] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0076.148] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0076.149] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0076.149] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0076.150] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0076.151] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0076.151] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0076.152] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0076.152] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0076.354] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0076.355] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0076.355] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0076.356] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0076.356] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0076.357] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0076.358] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0076.358] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0076.359] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0076.360] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0076.360] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0076.361] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0076.361] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0076.362] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0076.363] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0076.363] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0076.364] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0076.365] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0076.367] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0076.367] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0076.368] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0076.369] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0076.369] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0076.370] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0076.370] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0076.371] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0076.371] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 1 [0076.372] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 0 [0076.372] CloseHandle (hObject=0x330) returned 1 [0076.372] Sleep (dwMilliseconds=0x1f4) [0077.436] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x308 [0077.443] Process32FirstW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0077.443] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0077.444] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0077.444] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0077.445] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0077.445] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0077.446] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0077.446] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0077.454] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0077.454] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.455] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0077.455] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0077.456] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.456] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0077.457] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x60, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.457] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.458] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.458] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.459] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.459] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.460] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.460] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.461] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.461] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0077.462] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.462] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.466] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0077.466] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0077.467] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.467] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0077.468] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0077.468] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0077.469] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x41, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0077.469] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0077.469] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0077.470] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0077.470] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0077.471] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0077.471] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0077.472] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0077.472] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0077.473] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0077.473] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0077.474] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0077.474] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0077.475] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0077.475] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0077.476] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0077.476] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0077.477] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0077.477] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0077.478] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0077.478] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0077.479] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0077.479] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0077.480] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0077.480] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0077.481] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0077.711] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0077.712] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0077.713] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0077.714] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0077.714] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0077.715] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0077.716] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0077.716] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0077.717] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0077.717] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0077.718] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0077.719] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0077.719] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0077.720] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.720] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0077.721] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0077.722] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0077.722] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.723] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0077.723] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0077.724] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0077.724] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 1 [0077.725] Process32NextW (in: hSnapshot=0x308, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 0 [0077.725] CloseHandle (hObject=0x308) returned 1 [0077.725] Sleep (dwMilliseconds=0x1f4) [0078.554] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x304 [0078.558] Process32FirstW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0078.562] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0078.563] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0078.563] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0078.564] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0078.564] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0078.564] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0078.565] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0078.566] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0078.566] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0078.567] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0078.567] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0078.568] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0078.568] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0078.569] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x60, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0078.569] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0078.570] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0078.570] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0078.570] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0078.571] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0078.572] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0078.572] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0078.573] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0078.573] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0078.574] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0078.574] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0078.574] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0078.575] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0078.576] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0078.576] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0078.577] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0078.577] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0078.577] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x41, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0078.578] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0078.578] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0078.579] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0078.579] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0078.580] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0078.580] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0078.581] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0078.582] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0078.582] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0078.583] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0078.583] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0078.583] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0078.584] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0078.585] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0078.585] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0078.586] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0078.586] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0078.586] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0078.587] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0078.587] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0078.588] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0078.588] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0078.875] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0078.876] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0078.876] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0078.877] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0078.877] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0078.878] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0078.879] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0078.880] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0078.880] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0078.881] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0078.882] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0078.882] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0078.883] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0078.883] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0078.884] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0078.885] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0078.885] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0078.886] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0078.886] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0078.887] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0078.887] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0078.888] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0078.888] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0078.889] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0078.890] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 1 [0078.890] Process32NextW (in: hSnapshot=0x304, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 0 [0078.891] CloseHandle (hObject=0x304) returned 1 [0078.891] Sleep (dwMilliseconds=0x1f4) [0079.599] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x314 [0079.604] Process32FirstW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0079.605] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0079.605] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0079.606] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0079.606] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0079.607] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0079.607] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0079.608] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0079.608] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0079.609] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0079.609] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0079.610] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0079.610] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0079.610] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0079.611] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x60, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0079.611] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0079.612] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0079.613] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0079.613] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0079.613] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0079.614] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0079.615] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0079.615] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0079.615] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0079.616] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0079.616] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0079.617] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0079.617] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0079.618] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0079.618] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0079.619] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0079.619] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0079.620] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x41, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0079.620] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0079.621] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0079.621] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0079.622] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0079.622] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0079.623] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0079.623] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0079.624] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0079.624] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0079.624] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0079.625] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0079.625] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0079.626] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0079.626] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0079.627] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0079.627] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0079.629] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0079.629] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0079.630] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0079.630] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0079.631] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0079.631] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0079.631] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0079.922] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0079.922] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0079.923] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0079.923] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0079.924] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0079.925] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0079.926] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0079.926] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0079.927] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0079.928] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0079.929] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0079.929] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0079.930] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0079.931] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0079.932] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0079.933] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0079.933] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0079.934] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0079.934] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0079.935] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0079.936] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0079.936] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0079.937] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0079.937] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 1 [0079.938] Process32NextW (in: hSnapshot=0x314, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 0 [0079.938] CloseHandle (hObject=0x314) returned 1 [0079.938] Sleep (dwMilliseconds=0x1f4) [0080.671] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21c [0080.675] Process32FirstW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0080.676] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0080.676] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0080.677] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0080.677] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0080.678] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0080.678] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0080.679] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0080.679] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0080.680] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0080.680] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0080.680] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0080.681] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0080.681] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0080.682] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x60, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0080.682] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0080.683] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0080.683] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0080.684] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0080.684] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0080.685] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0080.685] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0080.686] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0080.687] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0080.687] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0080.688] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0080.688] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0080.689] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0080.689] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0080.689] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0080.690] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0080.690] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0080.691] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x41, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0080.691] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0080.692] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0080.692] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0080.693] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0080.693] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0080.694] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0080.694] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0080.695] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0080.695] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0080.696] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0080.696] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0080.697] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0080.697] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0080.698] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0080.698] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0080.699] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0080.699] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0080.700] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0080.700] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0080.700] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0080.701] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0080.702] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0080.702] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0080.703] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0080.703] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0080.704] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0080.704] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0080.705] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0080.706] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0080.706] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0080.707] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0080.708] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0080.708] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0080.709] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0080.709] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0080.710] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0080.711] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0080.711] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0080.712] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0080.712] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0080.713] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0080.714] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0080.714] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0080.715] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0080.715] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0080.716] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0080.716] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 1 [0080.717] Process32NextW (in: hSnapshot=0x21c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 0 [0080.937] CloseHandle (hObject=0x21c) returned 1 [0080.937] Sleep (dwMilliseconds=0x1f4) [0081.803] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2bc [0081.808] Process32FirstW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0081.809] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0081.809] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0081.810] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0081.810] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0081.811] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0081.811] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0081.812] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0081.812] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0081.813] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.813] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0081.814] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0081.814] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.815] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0081.815] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5f, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.816] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.816] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.817] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.817] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.818] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.818] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.819] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.819] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.820] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0081.820] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.821] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.821] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0081.822] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0081.822] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.823] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0081.823] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0081.824] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0081.824] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x41, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0081.825] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0081.825] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0081.826] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0081.826] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0081.827] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0081.828] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0081.828] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0081.829] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0081.829] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0081.830] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0081.830] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0081.831] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0081.831] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0081.832] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0081.832] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0081.833] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0081.833] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0081.834] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0081.834] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0081.835] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0081.835] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0081.836] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0081.836] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0081.837] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0081.837] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0081.837] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0081.838] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0081.839] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0081.839] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0081.840] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0081.841] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0081.841] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0082.261] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0082.263] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0082.283] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0082.283] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0082.284] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0082.285] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0082.285] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0082.286] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0082.286] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0082.287] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0082.288] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0082.288] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0082.289] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0082.289] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0082.290] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 1 [0082.290] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 0 [0082.291] CloseHandle (hObject=0x2bc) returned 1 [0082.291] Sleep (dwMilliseconds=0x1f4) [0083.016] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x330 [0083.021] Process32FirstW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0083.022] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0083.023] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0083.023] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0083.024] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0083.024] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0083.025] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0083.025] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0083.026] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0083.026] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0083.027] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0083.027] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0083.028] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0083.028] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0083.029] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5f, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0083.029] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0083.030] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0083.031] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0083.031] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0083.032] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0083.032] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0083.033] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0083.033] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0083.034] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0083.034] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0083.035] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0083.035] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0083.036] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0083.036] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0083.037] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0083.037] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0083.038] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0083.038] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x41, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0083.039] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0083.039] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0083.040] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0083.040] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0083.041] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0083.041] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0083.042] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0083.042] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0083.043] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0083.043] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0083.044] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0083.044] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0083.045] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0083.045] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0083.046] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0083.046] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0083.047] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0083.047] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0083.048] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0083.048] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0083.049] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0083.049] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0083.050] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0083.050] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0083.051] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0083.051] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0083.052] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0083.052] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0083.053] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0083.054] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0083.054] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0083.055] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0083.055] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0083.056] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0083.057] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0083.057] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0083.058] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0083.058] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0083.059] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0083.060] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0083.060] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0083.480] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0083.511] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0083.512] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0083.513] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0083.513] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0083.514] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 1 [0083.515] Process32NextW (in: hSnapshot=0x330, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 0 [0083.515] CloseHandle (hObject=0x330) returned 1 [0083.515] Sleep (dwMilliseconds=0x1f4) [0084.241] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2bc [0084.247] Process32FirstW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0084.248] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0084.248] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0084.249] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0084.249] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0084.250] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0084.250] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0084.251] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0084.251] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0084.252] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0084.252] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0084.252] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0084.253] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0084.253] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0084.254] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5f, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0084.254] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0084.255] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0084.256] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0084.256] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0084.257] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0084.257] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0084.258] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0084.258] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0084.259] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0084.259] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0084.260] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0084.260] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0084.261] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0084.261] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0084.261] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0084.262] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0084.262] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0084.263] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x41, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0084.263] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0084.264] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0084.264] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0084.265] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0084.265] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0084.266] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0084.266] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0084.267] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0084.267] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0084.268] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0084.268] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0084.268] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0084.269] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0084.269] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0084.270] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0084.270] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0084.272] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0084.272] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0084.273] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0084.273] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0084.274] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0084.274] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0084.275] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0084.275] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0084.275] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0084.276] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0084.277] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0084.277] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0084.278] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0084.278] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0084.279] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0084.280] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0084.280] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0084.281] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0084.281] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0084.282] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0084.283] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0084.283] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0084.284] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0084.284] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0084.285] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0084.285] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0084.286] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0084.475] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0084.475] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0084.476] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0084.476] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 1 [0084.477] Process32NextW (in: hSnapshot=0x2bc, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 0 [0084.477] CloseHandle (hObject=0x2bc) returned 1 [0084.477] Sleep (dwMilliseconds=0x1f4) [0085.224] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x35c [0085.229] Process32FirstW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0085.230] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0085.230] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0085.231] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0085.231] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0085.232] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0085.232] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0085.233] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0085.233] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0085.234] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0085.234] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0085.235] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0085.235] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0085.236] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0085.236] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0085.237] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0085.237] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0085.238] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0085.238] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0085.239] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0085.239] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0085.240] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0085.240] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0085.241] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0085.241] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0085.242] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0085.242] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0085.243] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0085.243] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0085.244] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0085.244] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0085.245] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0085.245] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x41, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0085.246] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0085.246] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0085.247] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0085.247] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0085.248] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0085.248] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0085.249] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0085.249] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0085.250] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0085.250] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0085.251] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0085.251] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0085.252] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0085.252] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0085.253] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0085.253] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0085.254] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0085.254] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0085.255] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0085.256] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0085.256] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0085.257] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0085.257] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0085.258] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0085.258] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0085.259] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0085.259] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0085.260] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0085.260] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0085.261] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0085.262] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0085.262] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0085.263] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0085.264] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0085.264] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0085.265] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0085.265] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0085.266] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0085.267] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0085.267] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0085.268] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0085.268] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0085.269] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0085.269] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0085.270] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0085.270] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0085.678] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 1 [0085.678] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 0 [0085.679] CloseHandle (hObject=0x35c) returned 1 [0085.679] Sleep (dwMilliseconds=0x1f4) [0086.398] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x35c [0086.445] Process32FirstW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0086.445] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0086.446] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0086.446] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0086.447] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x194, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0086.447] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0086.448] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0086.448] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0086.449] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1ec, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0086.449] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0086.450] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x234, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0086.450] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0086.451] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0086.451] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x374, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0086.452] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0086.452] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0086.453] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0086.453] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0086.453] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0086.454] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0086.454] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0086.455] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0086.455] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x538, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0086.456] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0086.456] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0086.457] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x684, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0086.457] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4fc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0086.458] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0086.459] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0086.459] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0086.460] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0086.460] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0086.461] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x41, th32ParentProcessID=0x834, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0086.461] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0086.462] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0086.462] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0086.463] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0086.463] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0086.464] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0086.465] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0086.465] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0086.466] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0086.466] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="msoia.exe")) returned 1 [0086.467] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0086.467] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="screensaverfireplacesubdivision.exe")) returned 1 [0086.468] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x498, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arc.exe")) returned 1 [0086.468] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="defeatpreston.exe")) returned 1 [0086.469] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boss.exe")) returned 1 [0086.469] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="organizing scsi member.exe")) returned 1 [0086.470] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="rank_airplane_placing.exe")) returned 1 [0086.470] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="income_seeks_grab.exe")) returned 1 [0086.471] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="jurisdictionen.exe")) returned 1 [0086.472] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="modnvidia.exe")) returned 1 [0086.472] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="bidding_beam_removable.exe")) returned 1 [0086.473] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="denial-enough.exe")) returned 1 [0086.473] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="product_tank_attacks.exe")) returned 1 [0086.816] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="neighborhood du pleased.exe")) returned 1 [0086.874] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="valueslatinitalian.exe")) returned 1 [0086.875] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="eddieeau.exe")) returned 1 [0086.902] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="testedhousewives.exe")) returned 1 [0086.903] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="boys.exe")) returned 1 [0086.903] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="extending_salvador_coming.exe")) returned 1 [0086.904] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="dimhindu.exe")) returned 1 [0086.905] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="run.exe")) returned 1 [0086.905] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0086.906] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="scratchballacquisition.exe")) returned 1 [0086.907] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arbor.exe")) returned 1 [0086.907] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="arrested.exe")) returned 1 [0086.908] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="burning-continue-seven.exe")) returned 1 [0086.909] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x860, pcPriClassBase=8, dwFlags=0x0, szExeFile="holmes_pi.exe")) returned 1 [0086.909] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xfc8, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0086.910] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0086.910] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x12c, pcPriClassBase=4, dwFlags=0x0, szExeFile="CompatTelRunner.exe")) returned 1 [0086.911] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xe60, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0086.911] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xf5c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0086.912] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0086.913] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0086.913] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3c0, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0086.914] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0086.914] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 1 [0086.915] Process32NextW (in: hSnapshot=0x35c, lppe=0x49f558 | out: lppe=0x49f558*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x234, pcPriClassBase=13, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 0 [0086.915] CloseHandle (hObject=0x35c) returned 1 [0086.915] Sleep (dwMilliseconds=0x1f4) Thread: id = 11 os_tid = 0xc9c [0052.414] GetProcessHeap () returned 0x4b0000 [0052.414] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x21a) returned 0x4cffe0 [0052.414] GetProcessHeap () returned 0x4b0000 [0052.414] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x28) returned 0x4c0468 [0052.414] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x250 [0052.414] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x254 [0052.414] GetComputerNameW (in: lpBuffer=0x4cfff0, nSize=0xb9fb48 | out: lpBuffer="NQDPDE", nSize=0xb9fb48) returned 1 [0052.414] GetProcessHeap () returned 0x4b0000 [0052.414] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x4cf5c0 [0052.415] GetProcessHeap () returned 0x4b0000 [0052.415] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4000) returned 0x4d5880 [0052.415] GetProcessHeap () returned 0x4b0000 [0052.415] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4d9888 [0052.518] WNetOpenEnumW (in: dwScope=0x1, dwType=0x0, dwUsage=0x0, lpNetResource=0x0, lphEnum=0xb9fafc | out: lphEnum=0xb9fafc*=0x4d0898) returned 0x0 [0054.928] WNetEnumResourceW (in: hEnum=0x4d0898, lpcCount=0xb9faf0, lpBuffer=0x4d5880, lpBufferSize=0xb9fb04 | out: lpcCount=0xb9faf0, lpBuffer=0x4d5880, lpBufferSize=0xb9fb04) returned 0x103 [0054.928] WNetCloseEnum (hEnum=0x4d0898) returned 0x0 [0054.928] GetProcessHeap () returned 0x4b0000 [0054.928] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d5880 | out: hHeap=0x4b0000) returned 1 [0054.928] GetProcessHeap () returned 0x4b0000 [0054.928] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d9888 | out: hHeap=0x4b0000) returned 1 [0054.928] GetProcessHeap () returned 0x4b0000 [0054.929] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4000) returned 0x4bf40b0 [0054.929] GetProcessHeap () returned 0x4b0000 [0054.929] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4d5880 [0054.929] WNetOpenEnumW (in: dwScope=0x4, dwType=0x0, dwUsage=0x0, lpNetResource=0x0, lphEnum=0xb9fae4 | out: lphEnum=0xb9fae4*=0x4c0c00) returned 0x0 [0054.930] WNetEnumResourceW (in: hEnum=0x4c0c00, lpcCount=0xb9fad8, lpBuffer=0x4bf40b0, lpBufferSize=0xb9faec | out: lpcCount=0xb9fad8, lpBuffer=0x4bf40b0, lpBufferSize=0xb9faec) returned 0x103 [0054.930] WNetCloseEnum (hEnum=0x4c0c00) returned 0x0 [0054.930] GetProcessHeap () returned 0x4b0000 [0054.930] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.930] GetProcessHeap () returned 0x4b0000 [0054.930] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d5880 | out: hHeap=0x4b0000) returned 1 [0054.930] GetProcessHeap () returned 0x4b0000 [0054.930] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4000) returned 0x4bf40b0 [0054.930] GetProcessHeap () returned 0x4b0000 [0054.930] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4d5880 [0054.930] WNetOpenEnumW (in: dwScope=0x5, dwType=0x0, dwUsage=0x0, lpNetResource=0x0, lphEnum=0xb9facc | out: lphEnum=0xb9facc*=0x4d0840) returned 0x0 [0068.518] WNetEnumResourceW (in: hEnum=0x4d0840, lpcCount=0xb9fac0, lpBuffer=0x4bf40b0, lpBufferSize=0xb9fad4 | out: lpcCount=0xb9fac0, lpBuffer=0x4bf40b0, lpBufferSize=0xb9fad4) returned 0x0 [0068.519] GetProcessHeap () returned 0x4b0000 [0068.519] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4000) returned 0x4bf80b8 [0068.519] GetProcessHeap () returned 0x4b0000 [0068.519] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0068.519] WNetOpenEnumW (in: dwScope=0x5, dwType=0x0, dwUsage=0x0, lpNetResource=0x4bf40b0, lphEnum=0xb9fa84 | out: lphEnum=0xb9fa84*=0x4d0a50) returned 0x0 [0083.369] WNetEnumResourceW (in: hEnum=0x4d0a50, lpcCount=0xb9fa78, lpBuffer=0x4bf80b8, lpBufferSize=0xb9fa8c | out: lpcCount=0xb9fa78, lpBuffer=0x4bf80b8, lpBufferSize=0xb9fa8c) returned 0x0 [0083.369] WNetEnumResourceW (in: hEnum=0x4d0a50, lpcCount=0xb9fa78, lpBuffer=0x4bf80b8, lpBufferSize=0xb9fa8c | out: lpcCount=0xb9fa78, lpBuffer=0x4bf80b8, lpBufferSize=0xb9fa8c) returned 0x103 [0083.369] WNetCloseEnum (hEnum=0x4d0a50) returned 0x0 [0083.369] GetProcessHeap () returned 0x4b0000 [0083.369] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf80b8 | out: hHeap=0x4b0000) returned 1 [0083.370] GetProcessHeap () returned 0x4b0000 [0083.370] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0083.370] WNetEnumResourceW (in: hEnum=0x4d0840, lpcCount=0xb9fac0, lpBuffer=0x4bf40b0, lpBufferSize=0xb9fad4 | out: lpcCount=0xb9fac0, lpBuffer=0x4bf40b0, lpBufferSize=0xb9fad4) returned 0x103 [0083.370] WNetCloseEnum (hEnum=0x4d0840) returned 0x0 [0083.370] GetProcessHeap () returned 0x4b0000 [0083.370] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0083.370] GetProcessHeap () returned 0x4b0000 [0083.370] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d5880 | out: hHeap=0x4b0000) returned 1 [0083.372] GetProcessHeap () returned 0x4b0000 [0083.372] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4000) returned 0x4f710b0 [0083.372] GetProcessHeap () returned 0x4b0000 [0083.372] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4d5880 [0083.372] WNetOpenEnumW (in: dwScope=0x3, dwType=0x0, dwUsage=0x0, lpNetResource=0x0, lphEnum=0xb9fafc | out: lphEnum=0xb9fafc*=0x4c0be0) returned 0x0 [0083.374] WNetEnumResourceW (in: hEnum=0x4c0be0, lpcCount=0xb9faf0, lpBuffer=0x4f710b0, lpBufferSize=0xb9fb04 | out: lpcCount=0xb9faf0, lpBuffer=0x4f710b0, lpBufferSize=0xb9fb04) returned 0x103 [0083.375] WNetCloseEnum (hEnum=0x4c0be0) returned 0x0 [0083.375] GetProcessHeap () returned 0x4b0000 [0083.375] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4f710b0 | out: hHeap=0x4b0000) returned 1 [0083.375] GetProcessHeap () returned 0x4b0000 [0083.375] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d5880 | out: hHeap=0x4b0000) returned 1 [0083.375] GetProcessHeap () returned 0x4b0000 [0083.375] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4000) returned 0x4f710b0 [0083.375] GetProcessHeap () returned 0x4b0000 [0083.375] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4d5880 [0083.375] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x0, lphEnum=0xb9fae4 | out: lphEnum=0xb9fae4*=0x4c06070) returned 0x0 [0083.375] WNetEnumResourceW (in: hEnum=0x4c06070, lpcCount=0xb9fad8, lpBuffer=0x4f710b0, lpBufferSize=0xb9faec | out: lpcCount=0xb9fad8, lpBuffer=0x4f710b0, lpBufferSize=0xb9faec) returned 0x0 [0083.375] GetProcessHeap () returned 0x4b0000 [0083.375] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4000) returned 0x4f750b8 [0083.375] GetProcessHeap () returned 0x4b0000 [0083.375] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0083.376] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x4f710f0, lphEnum=0xb9fa9c | out: lphEnum=0xb9fa9c*=0x0) returned 0x4c6 [0083.377] GetProcessHeap () returned 0x4b0000 [0083.377] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4f750b8 | out: hHeap=0x4b0000) returned 1 [0083.377] GetProcessHeap () returned 0x4b0000 [0083.377] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0083.377] GetProcessHeap () returned 0x4b0000 [0083.377] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4000) returned 0x4f750b8 [0083.377] GetProcessHeap () returned 0x4b0000 [0083.377] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0083.377] WNetOpenEnumW (dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x4f710d0, lphEnum=0xb9fa9c) Thread: id = 12 os_tid = 0x770 [0052.503] GetLogicalDrives () returned 0x4 [0052.503] GetProcessHeap () returned 0x4b0000 [0052.503] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x4bdea8 [0052.503] GetProcessHeap () returned 0x4b0000 [0052.504] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x28) returned 0x4c0498 [0052.504] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x24c [0052.504] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x258 [0052.504] GetProcessHeap () returned 0x4b0000 [0052.504] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x4cf520 [0052.504] GetProcessHeap () returned 0x4b0000 [0052.504] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x4cf548 [0052.504] GetProcessHeap () returned 0x4b0000 [0052.504] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x4cf5e8 [0052.504] GetProcessHeap () returned 0x4b0000 [0052.504] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea528 [0052.504] GetProcessHeap () returned 0x4b0000 [0052.504] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea528 | out: hHeap=0x4b0000) returned 1 [0052.504] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x4cf548, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0052.504] GetProcessHeap () returned 0x4b0000 [0052.504] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf5e8 | out: hHeap=0x4b0000) returned 1 [0052.504] GetProcessHeap () returned 0x4b0000 [0052.504] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf520 | out: hHeap=0x4b0000) returned 1 [0052.504] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xc1f76c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xc1f76c*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0052.504] GetProcessHeap () returned 0x4b0000 [0052.504] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf548 | out: hHeap=0x4b0000) returned 1 [0052.504] GetProcessHeap () returned 0x4b0000 [0052.505] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1120 [0052.505] GetProcessHeap () returned 0x4b0000 [0052.505] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d11b0 [0052.505] GetProcessHeap () returned 0x4b0000 [0052.505] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d11f8 [0052.505] GetProcessHeap () returned 0x4b0000 [0052.505] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea490 [0052.505] GetProcessHeap () returned 0x4b0000 [0052.505] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1138 [0052.505] htonl (hostlong=0xb4197730) returned 0x307719b4 [0052.505] QueryPerformanceCounter (in: lpPerformanceCount=0xc1f668 | out: lpPerformanceCount=0xc1f668*=14378642314) returned 1 [0052.505] GetTickCount () returned 0x114da06 [0052.505] GetCurrentProcessId () returned 0xe5c [0052.505] GetCurrentThreadId () returned 0x770 [0052.505] GetLocalTime (in: lpSystemTime=0xc1f650 | out: lpSystemTime=0xc1f650*(wYear=0x7e3, wMonth=0xb, wDayOfWeek=0x6, wDay=0x2, wHour=0x14, wMinute=0x38, wSecond=0x0, wMilliseconds=0x1f8)) [0052.505] SystemTimeToFileTime (in: lpSystemTime=0xc1f650, lpFileTime=0xc1f660 | out: lpFileTime=0xc1f660) returned 1 [0052.505] QueryPerformanceCounter (in: lpPerformanceCount=0xc1f668 | out: lpPerformanceCount=0xc1f668*=14378662535) returned 1 [0052.505] GetProcessHeap () returned 0x4b0000 [0052.505] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x28) returned 0x4c03a8 [0052.505] GetProcessHeap () returned 0x4b0000 [0052.505] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d11e0 [0052.505] GetProcessHeap () returned 0x4b0000 [0052.505] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4) returned 0x4cfd48 [0052.505] GetProcessHeap () returned 0x4b0000 [0052.505] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x14) returned 0x4c0ce0 [0052.505] GetProcessHeap () returned 0x4b0000 [0052.505] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1168 [0052.505] GetProcessHeap () returned 0x4b0000 [0052.505] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x80) returned 0x4b2df8 [0052.505] GetProcessHeap () returned 0x4b0000 [0052.505] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1180 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x82) returned 0x4b9c10 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1198 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4) returned 0x4cfde8 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1228 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x80) returned 0x4b8148 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1210 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x2) returned 0x4cfc98 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4) returned 0x4cfdb8 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1300 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x80) returned 0x4b8910 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d12d0 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4) returned 0x4cfd38 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4cfc98, Size=0x82) returned 0x4ba6a8 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4cfd38, Size=0x100) returned 0x4b39e8 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d12a0 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x82) returned 0x4ba738 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1318 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x82) returned 0x4eb178 [0052.506] GetProcessHeap () returned 0x4b0000 [0052.506] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4ba6a8, Size=0x104) returned 0x4eb208 [0052.507] GetProcessHeap () returned 0x4b0000 [0052.507] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4b39e8, Size=0x200) returned 0x4eb318 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cfdb8 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eb318 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d12d0 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b8148 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1228 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b8910 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1300 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eb208 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1210 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba738 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d12a0 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eb178 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1318 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cfd48 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d11e0 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b9c10 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1180 | out: hHeap=0x4b0000) returned 1 [0052.508] GetProcessHeap () returned 0x4b0000 [0052.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b2df8 | out: hHeap=0x4b0000) returned 1 [0052.509] GetProcessHeap () returned 0x4b0000 [0052.509] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1168 | out: hHeap=0x4b0000) returned 1 [0052.509] GetProcessHeap () returned 0x4b0000 [0052.509] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cfde8 | out: hHeap=0x4b0000) returned 1 [0052.509] GetProcessHeap () returned 0x4b0000 [0052.509] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1198 | out: hHeap=0x4b0000) returned 1 [0052.509] GetProcessHeap () returned 0x4b0000 [0052.509] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c03a8 | out: hHeap=0x4b0000) returned 1 [0052.509] GetProcessHeap () returned 0x4b0000 [0052.509] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c0ce0 | out: hHeap=0x4b0000) returned 1 [0052.509] GetProcessHeap () returned 0x4b0000 [0052.509] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0xa4) returned 0x4b8ba8 [0052.509] GetProcessHeap () returned 0x4b0000 [0052.509] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d11b0 | out: hHeap=0x4b0000) returned 1 [0052.509] GetProcessHeap () returned 0x4b0000 [0052.509] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d11f8 | out: hHeap=0x4b0000) returned 1 [0052.509] GetProcessHeap () returned 0x4b0000 [0052.509] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea490 | out: hHeap=0x4b0000) returned 1 [0052.509] GetProcessHeap () returned 0x4b0000 [0052.509] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1138 | out: hHeap=0x4b0000) returned 1 [0052.509] GetProcessHeap () returned 0x4b0000 [0052.509] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1120 | out: hHeap=0x4b0000) returned 1 [0052.509] GetProcessHeap () returned 0x4b0000 [0052.509] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x14) returned 0x4c0b40 [0052.509] GetProcessHeap () returned 0x4b0000 [0052.509] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0xe) returned 0x4d11f8 [0052.509] ResetEvent (hEvent=0x258) returned 1 [0052.509] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x404a4c, lpParameter=0x4c0b40, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x25c [0052.510] CloseHandle (hObject=0x25c) returned 1 [0052.510] GetProcessHeap () returned 0x4b0000 [0052.510] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1120 [0052.510] GetProcessHeap () returned 0x4b0000 [0052.510] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1228 [0052.510] GetProcessHeap () returned 0x4b0000 [0052.510] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d11e0 [0052.510] GetProcessHeap () returned 0x4b0000 [0052.510] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea658 [0052.510] GetProcessHeap () returned 0x4b0000 [0052.510] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1138 [0052.510] htonl (hostlong=0xb4197730) returned 0x307719b4 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x28) returned 0x4c02b8 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1210 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4) returned 0x4cfd38 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x14) returned 0x4c0b00 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1168 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x80) returned 0x4b2df8 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1180 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x82) returned 0x4b9c10 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d11b0 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4) returned 0x4cfd48 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1198 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x80) returned 0x4b8148 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1330 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x2) returned 0x4cfdd8 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4) returned 0x4cfcf8 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1348 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x80) returned 0x4b8910 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d12d0 [0052.511] GetProcessHeap () returned 0x4b0000 [0052.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4) returned 0x4cfc58 [0052.512] GetProcessHeap () returned 0x4b0000 [0052.512] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4cfdd8, Size=0x82) returned 0x4ba6a8 [0052.512] GetProcessHeap () returned 0x4b0000 [0052.512] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4cfc58, Size=0x100) returned 0x4b39e8 [0052.512] GetProcessHeap () returned 0x4b0000 [0052.512] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d12b8 [0052.512] GetProcessHeap () returned 0x4b0000 [0052.512] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x82) returned 0x4ba738 [0052.512] GetProcessHeap () returned 0x4b0000 [0052.512] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10) returned 0x4d1360 [0052.512] GetProcessHeap () returned 0x4b0000 [0052.512] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x82) returned 0x4eb178 [0052.512] GetProcessHeap () returned 0x4b0000 [0052.512] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4ba6a8, Size=0x104) returned 0x4eb208 [0052.512] GetProcessHeap () returned 0x4b0000 [0052.512] RtlReAllocateHeap (Heap=0x4b0000, Flags=0x0, Ptr=0x4b39e8, Size=0x200) returned 0x4eb318 [0052.513] GetProcessHeap () returned 0x4b0000 [0052.513] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cfcf8 | out: hHeap=0x4b0000) returned 1 [0052.513] GetProcessHeap () returned 0x4b0000 [0052.513] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eb318 | out: hHeap=0x4b0000) returned 1 [0052.513] GetProcessHeap () returned 0x4b0000 [0052.513] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d12d0 | out: hHeap=0x4b0000) returned 1 [0052.513] GetProcessHeap () returned 0x4b0000 [0052.513] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b8148 | out: hHeap=0x4b0000) returned 1 [0052.513] GetProcessHeap () returned 0x4b0000 [0052.513] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1198 | out: hHeap=0x4b0000) returned 1 [0052.513] GetProcessHeap () returned 0x4b0000 [0052.513] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b8910 | out: hHeap=0x4b0000) returned 1 [0052.513] GetProcessHeap () returned 0x4b0000 [0052.513] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1348 | out: hHeap=0x4b0000) returned 1 [0052.513] GetProcessHeap () returned 0x4b0000 [0052.513] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eb208 | out: hHeap=0x4b0000) returned 1 [0052.513] GetProcessHeap () returned 0x4b0000 [0052.513] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1330 | out: hHeap=0x4b0000) returned 1 [0052.513] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba738 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d12b8 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4eb178 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1360 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cfd38 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1210 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b9c10 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1180 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4b2df8 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1168 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cfd48 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d11b0 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c02b8 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c0b00 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0xa4) returned 0x4b8c58 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1228 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d11e0 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea658 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1138 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d1120 | out: hHeap=0x4b0000) returned 1 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x14) returned 0x4c0cc0 [0052.514] GetProcessHeap () returned 0x4b0000 [0052.514] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0xe) returned 0x4d1120 [0052.515] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x404a4c, lpParameter=0x4c0cc0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x25c [0052.515] CloseHandle (hObject=0x25c) returned 1 [0052.516] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) Thread: id = 13 os_tid = 0x658 [0052.516] GetLogicalDrives () returned 0x4 [0052.516] GetProcessHeap () returned 0x4b0000 [0052.516] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x20) returned 0x4cf3e0 [0052.517] GetProcessHeap () returned 0x4b0000 [0052.517] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x4cf408 [0052.517] GetProcessHeap () returned 0x4b0000 [0052.517] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1e) returned 0x4cf430 [0052.517] GetProcessHeap () returned 0x4b0000 [0052.517] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x90) returned 0x4ea2c8 [0052.517] GetProcessHeap () returned 0x4b0000 [0052.517] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea2c8 | out: hHeap=0x4b0000) returned 1 [0052.517] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%\\", lpDst=0x4cf408, nSize=0xf | out: lpDst="C:\\") returned 0x4 [0052.517] GetProcessHeap () returned 0x4b0000 [0052.517] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf430 | out: hHeap=0x4b0000) returned 1 [0052.517] GetProcessHeap () returned 0x4b0000 [0052.517] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf3e0 | out: hHeap=0x4b0000) returned 1 [0052.517] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0xc9f7fc, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xc9f7fc*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0052.517] GetProcessHeap () returned 0x4b0000 [0052.517] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4cf408 | out: hHeap=0x4b0000) returned 1 [0052.517] GetProcessHeap () returned 0x4b0000 [0052.517] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x40) returned 0x4bd9e0 [0052.517] GetProcessHeap () returned 0x4b0000 [0052.517] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x28) returned 0x4c02b8 [0052.517] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x25c [0052.517] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x260 [0052.517] GetLogicalDrives () returned 0x4 [0052.517] Sleep (dwMilliseconds=0x3e8) [0053.706] GetLogicalDrives () returned 0x4 [0053.715] Sleep (dwMilliseconds=0x3e8) [0054.931] GetLogicalDrives () returned 0x4 [0054.931] Sleep (dwMilliseconds=0x3e8) [0056.071] GetLogicalDrives () returned 0x4 [0056.071] Sleep (dwMilliseconds=0x3e8) [0057.113] GetLogicalDrives () returned 0x4 [0057.113] Sleep (dwMilliseconds=0x3e8) [0058.145] GetLogicalDrives () returned 0x4 [0058.145] Sleep (dwMilliseconds=0x3e8) [0059.165] GetLogicalDrives () returned 0x4 [0059.165] Sleep (dwMilliseconds=0x3e8) [0060.195] GetLogicalDrives () returned 0x4 [0060.195] Sleep (dwMilliseconds=0x3e8) [0061.200] GetLogicalDrives () returned 0x4 [0061.200] Sleep (dwMilliseconds=0x3e8) [0062.258] GetLogicalDrives () returned 0x4 [0062.278] Sleep (dwMilliseconds=0x3e8) [0063.320] GetLogicalDrives () returned 0x4 [0063.320] Sleep (dwMilliseconds=0x3e8) [0064.666] GetLogicalDrives () returned 0x4 [0064.666] Sleep (dwMilliseconds=0x3e8) [0065.922] GetLogicalDrives () returned 0x4 [0065.922] Sleep (dwMilliseconds=0x3e8) [0067.132] GetLogicalDrives () returned 0x4 [0067.132] Sleep (dwMilliseconds=0x3e8) [0068.509] GetLogicalDrives () returned 0x4 [0068.509] Sleep (dwMilliseconds=0x3e8) [0069.689] GetLogicalDrives () returned 0x4 [0069.689] Sleep (dwMilliseconds=0x3e8) [0070.974] GetLogicalDrives () returned 0x4 [0070.974] Sleep (dwMilliseconds=0x3e8) [0072.231] GetLogicalDrives () returned 0x4 [0072.231] Sleep (dwMilliseconds=0x3e8) [0073.369] GetLogicalDrives () returned 0x4 [0073.369] Sleep (dwMilliseconds=0x3e8) [0074.743] GetLogicalDrives () returned 0x4 [0074.743] Sleep (dwMilliseconds=0x3e8) [0076.119] GetLogicalDrives () returned 0x4 [0076.119] Sleep (dwMilliseconds=0x3e8) [0077.595] GetLogicalDrives () returned 0x4 [0077.595] Sleep (dwMilliseconds=0x3e8) [0078.891] GetLogicalDrives () returned 0x4 [0078.891] Sleep (dwMilliseconds=0x3e8) [0080.261] GetLogicalDrives () returned 0x4 [0080.261] Sleep (dwMilliseconds=0x3e8) [0081.412] GetLogicalDrives () returned 0x4 [0081.412] Sleep (dwMilliseconds=0x3e8) [0082.564] GetLogicalDrives () returned 0x4 [0082.564] Sleep (dwMilliseconds=0x3e8) [0083.698] GetLogicalDrives () returned 0x4 [0083.698] Sleep (dwMilliseconds=0x3e8) [0084.883] GetLogicalDrives () returned 0x4 [0084.883] Sleep (dwMilliseconds=0x3e8) [0086.113] GetLogicalDrives () returned 0x4 [0086.113] Sleep (dwMilliseconds=0x3e8) [0087.281] GetLogicalDrives () returned 0x4 [0087.281] Sleep (dwMilliseconds=0x3e8) Thread: id = 14 os_tid = 0xf84 [0052.854] GetProcessHeap () returned 0x4b0000 [0052.854] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x38) returned 0x4c2b50 [0052.854] GetProcessHeap () returned 0x4b0000 [0052.854] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x18) returned 0x4c0d40 [0052.854] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x28c [0052.854] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x290 [0052.854] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x294 [0052.854] GetProcessHeap () returned 0x4b0000 [0052.854] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x51ec28 [0052.855] GetProcessHeap () returned 0x4b0000 [0052.855] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x50) returned 0x4d0e70 [0052.855] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75e90000 [0052.855] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0052.855] Wow64DisableWow64FsRedirection (in: OldValue=0xe1fd1c | out: OldValue=0xe1fd1c*=0x0) returned 1 [0052.855] GetProcessHeap () returned 0x4b0000 [0052.855] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d0e70 | out: hHeap=0x4b0000) returned 1 [0052.855] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1, lpStartAddress=0x4048ba, lpParameter=0xe1fd20, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x298 [0052.855] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1, lpStartAddress=0x4048ba, lpParameter=0xe1fd20, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x29c [0052.856] GetProcessHeap () returned 0x4b0000 [0052.856] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x52ec30 [0052.856] FindFirstFileW (in: lpFileName="\\\\?\\C:\\*", lpFindFileData=0xe1fa90 | out: lpFindFileData=0xe1fa90*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9b28dcfd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4d0e7d, dwReserved1=0x75e90100, cFileName="$GetCurrent", cAlternateFileName="$GETCU~1")) returned 0x4c2a10 [0052.859] GetProcessHeap () returned 0x4b0000 [0052.859] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x54fc48 [0052.859] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\*", lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9b28dcfd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName=".", cAlternateFileName="")) returned 0x4c2990 [0052.861] FindNextFileW (in: hFindFile=0x4c2990, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9b28dcfd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="..", cAlternateFileName="")) returned 1 [0052.861] FindNextFileW (in: hFindFile=0x4c2990, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9c5a0a89, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Logs", cAlternateFileName="")) returned 1 [0052.861] GetProcessHeap () returned 0x4b0000 [0052.861] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x560c58 [0052.861] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9c5a0a89, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2910 [0052.862] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9c5a0a89, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.862] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x542c8aac, ftLastAccessTime.dwHighDateTime=0x1d3273a, ftLastWriteTime.dwLowDateTime=0xafe5f7a, ftLastWriteTime.dwHighDateTime=0x1d3273e, nFileSizeHigh=0x0, nFileSizeLow=0xa6b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="downlevel_2017_09_07_02_02_39_766.log", cAlternateFileName="DOWNLE~1.LOG")) returned 1 [0052.862] SetEvent (hEvent=0x290) returned 1 [0052.862] ResetEvent (hEvent=0x294) returned 1 [0052.862] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x973abb0f, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x980eecb6, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1774, dwReserved0=0x0, dwReserved1=0x0, cFileName="oobe_2017_09_07_03_08_57_737.log", cAlternateFileName="OOBE_2~1.LOG")) returned 1 [0052.862] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c5a0a89, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x9c5a0a89, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xbb3747bd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupCompleteResult.log", cAlternateFileName="PARTNE~1.LOG")) returned 1 [0052.862] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c5a0a89, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x9c5a0a89, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xbb3747bd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupCompleteResult.log", cAlternateFileName="PARTNE~1.LOG")) returned 0 [0052.862] FindClose (in: hFindFile=0x4c2910 | out: hFindFile=0x4c2910) returned 1 [0052.863] GetProcessHeap () returned 0x4b0000 [0052.863] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x560c58 | out: hHeap=0x4b0000) returned 1 [0052.863] FindNextFileW (in: hFindFile=0x4c2990, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="SafeOS", cAlternateFileName="")) returned 1 [0052.863] GetProcessHeap () returned 0x4b0000 [0052.863] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x560c58 [0052.864] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2bd0 [0052.868] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.868] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9568f13f, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x9568f13f, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0xfb529700, ftLastWriteTime.dwHighDateTime=0x1d2fc76, nFileSizeHigh=0x0, nFileSizeLow=0x232c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetCurrentOOBE.dll", cAlternateFileName="GETCUR~1.DLL")) returned 1 [0052.868] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x956819aa, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x956819aa, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x980eecb6, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetCurrentRollback.ini", cAlternateFileName="GETCUR~1.INI")) returned 1 [0052.869] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x54acc791, ftLastAccessTime.dwHighDateTime=0x1d3273a, ftLastWriteTime.dwLowDateTime=0x54acc791, ftLastWriteTime.dwHighDateTime=0x1d3273a, nFileSizeHigh=0x0, nFileSizeLow=0x241, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupComplete.cmd", cAlternateFileName="PARTNE~1.CMD")) returned 1 [0052.869] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9575af11, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9577d1ec, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="preoobe.cmd", cAlternateFileName="")) returned 1 [0052.869] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x957833a7, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9578472e, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x133, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupComplete.cmd", cAlternateFileName="SETUPC~1.CMD")) returned 1 [0052.869] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x957833a7, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9578472e, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x133, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupComplete.cmd", cAlternateFileName="SETUPC~1.CMD")) returned 0 [0052.869] FindClose (in: hFindFile=0x4c2bd0 | out: hFindFile=0x4c2bd0) returned 1 [0052.870] GetProcessHeap () returned 0x4b0000 [0052.870] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x560c58 | out: hHeap=0x4b0000) returned 1 [0052.870] FindNextFileW (in: hFindFile=0x4c2990, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="SafeOS", cAlternateFileName="")) returned 0 [0052.870] FindClose (in: hFindFile=0x4c2990 | out: hFindFile=0x4c2990) returned 1 [0052.870] GetProcessHeap () returned 0x4b0000 [0052.870] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x54fc48 | out: hHeap=0x4b0000) returned 1 [0052.871] FindNextFileW (in: hFindFile=0x4c2a10, lpFindFileData=0xe1fa90 | out: lpFindFileData=0xe1fa90*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4d0e7d, dwReserved1=0x75e90100, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 1 [0052.871] GetProcessHeap () returned 0x4b0000 [0052.871] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x54fc48 [0052.872] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\*", lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName=".", cAlternateFileName="")) returned 0x4c2bd0 [0052.872] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="..", cAlternateFileName="")) returned 1 [0052.872] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="S-1-5-18", cAlternateFileName="")) returned 1 [0052.872] GetProcessHeap () returned 0x4b0000 [0052.872] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0052.872] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-18\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2dd0 [0052.873] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.873] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.873] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0052.873] FindClose (in: hFindFile=0x4c2dd0 | out: hFindFile=0x4c2dd0) returned 1 [0052.873] GetProcessHeap () returned 0x4b0000 [0052.873] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0052.873] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0x11a5eef8, ftLastAccessTime.dwHighDateTime=0x1d3375b, ftLastWriteTime.dwLowDateTime=0x11a5eef8, ftLastWriteTime.dwHighDateTime=0x1d3375b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0052.873] GetProcessHeap () returned 0x4b0000 [0052.873] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0052.874] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0x11a5eef8, ftLastAccessTime.dwHighDateTime=0x1d3375b, ftLastWriteTime.dwLowDateTime=0x11a5eef8, ftLastWriteTime.dwHighDateTime=0x1d3375b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2910 [0052.874] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0x11a5eef8, ftLastAccessTime.dwHighDateTime=0x1d3375b, ftLastWriteTime.dwLowDateTime=0x11a5eef8, ftLastWriteTime.dwHighDateTime=0x1d3375b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.874] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0xcb9438a8, ftLastAccessTime.dwHighDateTime=0x1d32714, ftLastWriteTime.dwLowDateTime=0xcb9438a8, ftLastWriteTime.dwHighDateTime=0x1d32714, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.874] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0xcb9438a8, ftLastAccessTime.dwHighDateTime=0x1d32714, ftLastWriteTime.dwLowDateTime=0xcb9438a8, ftLastWriteTime.dwHighDateTime=0x1d32714, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0052.874] FindClose (in: hFindFile=0x4c2910 | out: hFindFile=0x4c2910) returned 1 [0052.874] GetProcessHeap () returned 0x4b0000 [0052.874] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0052.875] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0x11a5eef8, ftLastAccessTime.dwHighDateTime=0x1d3375b, ftLastWriteTime.dwLowDateTime=0x11a5eef8, ftLastWriteTime.dwHighDateTime=0x1d3375b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0052.875] FindClose (in: hFindFile=0x4c2bd0 | out: hFindFile=0x4c2bd0) returned 1 [0052.875] GetProcessHeap () returned 0x4b0000 [0052.875] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x54fc48 | out: hHeap=0x4b0000) returned 1 [0052.876] FindNextFileW (in: hFindFile=0x4c2a10, lpFindFileData=0xe1fa90 | out: lpFindFileData=0xe1fa90*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x85776261, ftCreationTime.dwHighDateTime=0x1d3276f, ftLastAccessTime.dwLowDateTime=0x85776261, ftLastAccessTime.dwHighDateTime=0x1d3276f, ftLastWriteTime.dwLowDateTime=0x85776261, ftLastWriteTime.dwHighDateTime=0x1d3276f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4d0e7d, dwReserved1=0x75e90100, cFileName="$WINRE_BACKUP_PARTITION.MARKER", cAlternateFileName="$WINRE~1.MAR")) returned 1 [0052.876] FindNextFileW (in: hFindFile=0x4c2a10, lpFindFileData=0xe1fa90 | out: lpFindFileData=0xe1fa90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf39a4e7e, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf74cd515, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4d0e7d, dwReserved1=0x75e90100, cFileName="588bce7c90097ed212", cAlternateFileName="588BCE~1")) returned 1 [0052.876] GetProcessHeap () returned 0x4b0000 [0052.876] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x54fc48 [0052.877] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*", lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf39a4e7e, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf74cd515, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName=".", cAlternateFileName="")) returned 0x4c2dd0 [0052.897] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf39a4e7e, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf74cd515, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="..", cAlternateFileName="")) returned 1 [0052.899] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1025", cAlternateFileName="")) returned 1 [0052.899] GetProcessHeap () returned 0x4b0000 [0052.899] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0052.900] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2910 [0052.900] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.901] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x1d8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0052.901] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x121e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0052.901] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0052.901] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0052.902] FindClose (in: hFindFile=0x4c2910 | out: hFindFile=0x4c2910) returned 1 [0052.902] GetProcessHeap () returned 0x4b0000 [0052.902] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0052.903] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1028", cAlternateFileName="")) returned 1 [0052.903] GetProcessHeap () returned 0x4b0000 [0052.903] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0052.903] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2910 [0052.904] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.904] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x18a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0052.904] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed90, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0052.904] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0052.905] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0052.906] FindClose (in: hFindFile=0x4c2910 | out: hFindFile=0x4c2910) returned 1 [0052.906] GetProcessHeap () returned 0x4b0000 [0052.906] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0052.906] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1029", cAlternateFileName="")) returned 1 [0052.906] GetProcessHeap () returned 0x4b0000 [0052.906] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0052.907] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2910 [0052.908] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.908] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0052.908] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13c4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0052.908] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0052.908] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0052.910] FindClose (in: hFindFile=0x4c2910 | out: hFindFile=0x4c2910) returned 1 [0052.910] GetProcessHeap () returned 0x4b0000 [0052.910] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0052.910] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1030", cAlternateFileName="")) returned 1 [0052.910] GetProcessHeap () returned 0x4b0000 [0052.910] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0052.911] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2bd0 [0052.911] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.082] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xcf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.082] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12fb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.082] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.082] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.082] FindClose (in: hFindFile=0x4c2bd0 | out: hFindFile=0x4c2bd0) returned 1 [0053.082] GetProcessHeap () returned 0x4b0000 [0053.082] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.083] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1031", cAlternateFileName="")) returned 1 [0053.083] GetProcessHeap () returned 0x4b0000 [0053.083] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.083] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2910 [0053.083] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.083] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xd5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.083] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x141aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.083] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.083] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.084] FindClose (in: hFindFile=0x4c2910 | out: hFindFile=0x4c2910) returned 1 [0053.084] GetProcessHeap () returned 0x4b0000 [0053.084] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.084] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1032", cAlternateFileName="")) returned 1 [0053.084] GetProcessHeap () returned 0x4b0000 [0053.084] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.084] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.084] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.084] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x22ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.085] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1510c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.085] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.085] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.085] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.085] GetProcessHeap () returned 0x4b0000 [0053.085] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.085] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1033", cAlternateFileName="")) returned 1 [0053.085] GetProcessHeap () returned 0x4b0000 [0053.085] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.086] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.086] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.086] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd723cc00, ftCreationTime.dwHighDateTime=0x1cabb47, ftLastAccessTime.dwLowDateTime=0xd723cc00, ftLastAccessTime.dwHighDateTime=0x1cabb47, ftLastWriteTime.dwLowDateTime=0xd723cc00, ftLastWriteTime.dwHighDateTime=0x1cabb47, nFileSizeHigh=0x0, nFileSizeLow=0xc74, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.086] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x47ad1a00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x47ad1a00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x47ad1a00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12db0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.086] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.086] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.086] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.086] GetProcessHeap () returned 0x4b0000 [0053.086] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.087] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1035", cAlternateFileName="")) returned 1 [0053.087] GetProcessHeap () returned 0x4b0000 [0053.087] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.087] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.087] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.087] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe76, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.087] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12cde, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.087] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.087] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.088] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.088] GetProcessHeap () returned 0x4b0000 [0053.088] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.088] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1036", cAlternateFileName="")) returned 1 [0053.088] GetProcessHeap () returned 0x4b0000 [0053.088] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.088] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.088] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.088] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xdc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.089] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x14412, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.089] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.089] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.089] FindClose (in: hFindFile=0x4c2b90 | out: hFindFile=0x4c2b90) returned 1 [0053.089] GetProcessHeap () returned 0x4b0000 [0053.089] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.089] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1037", cAlternateFileName="")) returned 1 [0053.089] GetProcessHeap () returned 0x4b0000 [0053.089] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.090] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.090] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.090] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x1ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.090] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1198c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.090] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4158, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.090] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4158, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.090] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.090] GetProcessHeap () returned 0x4b0000 [0053.090] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.091] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1038", cAlternateFileName="")) returned 1 [0053.091] GetProcessHeap () returned 0x4b0000 [0053.091] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.091] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.091] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.091] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x109e, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.091] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x151aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.091] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.091] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.092] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.092] GetProcessHeap () returned 0x4b0000 [0053.092] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.092] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1040", cAlternateFileName="")) returned 1 [0053.092] GetProcessHeap () returned 0x4b0000 [0053.092] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.092] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.092] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.093] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.093] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x138bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.093] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.093] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.093] FindClose (in: hFindFile=0x4c2b90 | out: hFindFile=0x4c2b90) returned 1 [0053.093] GetProcessHeap () returned 0x4b0000 [0053.093] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.093] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1041", cAlternateFileName="")) returned 1 [0053.093] GetProcessHeap () returned 0x4b0000 [0053.093] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.094] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.094] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.094] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x278d, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.094] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x10a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.094] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.094] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.094] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.094] GetProcessHeap () returned 0x4b0000 [0053.094] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.095] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1042", cAlternateFileName="")) returned 1 [0053.095] GetProcessHeap () returned 0x4b0000 [0053.095] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.095] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2bd0 [0053.095] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.095] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x318f, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.095] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xfed6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.096] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.096] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.096] FindClose (in: hFindFile=0x4c2bd0 | out: hFindFile=0x4c2bd0) returned 1 [0053.096] GetProcessHeap () returned 0x4b0000 [0053.096] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.097] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1043", cAlternateFileName="")) returned 1 [0053.097] GetProcessHeap () returned 0x4b0000 [0053.097] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.097] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.097] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.097] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xdda, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.097] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13712, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.097] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.098] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.098] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.098] GetProcessHeap () returned 0x4b0000 [0053.098] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.098] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1044", cAlternateFileName="")) returned 1 [0053.098] GetProcessHeap () returned 0x4b0000 [0053.098] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.098] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.099] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.099] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xbe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.099] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x135c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.099] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.099] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.099] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.099] GetProcessHeap () returned 0x4b0000 [0053.099] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.099] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1045", cAlternateFileName="")) returned 1 [0053.099] GetProcessHeap () returned 0x4b0000 [0053.099] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.100] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.100] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.100] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xfc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.100] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x141c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.100] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.100] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.101] FindClose (in: hFindFile=0x4c2b90 | out: hFindFile=0x4c2b90) returned 1 [0053.101] GetProcessHeap () returned 0x4b0000 [0053.101] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.101] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1046", cAlternateFileName="")) returned 1 [0053.101] GetProcessHeap () returned 0x4b0000 [0053.101] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.101] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.101] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.102] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe63, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.102] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13b62, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.102] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.102] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.102] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.102] GetProcessHeap () returned 0x4b0000 [0053.102] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.102] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1049", cAlternateFileName="")) returned 1 [0053.102] GetProcessHeap () returned 0x4b0000 [0053.102] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.103] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.103] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.103] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xd4b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.103] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13e4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.103] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.103] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.103] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.103] GetProcessHeap () returned 0x4b0000 [0053.103] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.104] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1053", cAlternateFileName="")) returned 1 [0053.104] GetProcessHeap () returned 0x4b0000 [0053.104] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.104] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.104] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.104] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xf19, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.104] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12f70, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.104] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.105] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.105] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.105] GetProcessHeap () returned 0x4b0000 [0053.105] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.105] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1055", cAlternateFileName="")) returned 1 [0053.105] GetProcessHeap () returned 0x4b0000 [0053.105] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.105] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.106] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.106] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xf13, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.106] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12c12, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.106] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.106] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.106] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.106] GetProcessHeap () returned 0x4b0000 [0053.106] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.106] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="2052", cAlternateFileName="")) returned 1 [0053.106] GetProcessHeap () returned 0x4b0000 [0053.106] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.107] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.107] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.107] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x16c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.107] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.107] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.107] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.107] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.107] GetProcessHeap () returned 0x4b0000 [0053.107] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.108] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="2070", cAlternateFileName="")) returned 1 [0053.108] GetProcessHeap () returned 0x4b0000 [0053.108] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.108] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c90 [0053.108] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.108] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xfaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.108] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1397e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.109] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.109] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.109] FindClose (in: hFindFile=0x4c2c90 | out: hFindFile=0x4c2c90) returned 1 [0053.109] GetProcessHeap () returned 0x4b0000 [0053.109] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.109] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="3076", cAlternateFileName="")) returned 1 [0053.109] GetProcessHeap () returned 0x4b0000 [0053.109] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.109] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2bd0 [0053.110] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.110] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x18a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.110] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed90, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.110] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.110] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.110] FindClose (in: hFindFile=0x4c2bd0 | out: hFindFile=0x4c2bd0) returned 1 [0053.110] GetProcessHeap () returned 0x4b0000 [0053.110] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.110] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="3082", cAlternateFileName="")) returned 1 [0053.110] GetProcessHeap () returned 0x4b0000 [0053.110] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.111] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c10 [0053.111] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.111] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xbfd, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.111] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1387c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.111] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.111] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.111] FindClose (in: hFindFile=0x4c2c10 | out: hFindFile=0x4c2c10) returned 1 [0053.111] GetProcessHeap () returned 0x4b0000 [0053.111] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.112] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf3768b28, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Client", cAlternateFileName="")) returned 1 [0053.112] GetProcessHeap () returned 0x4b0000 [0053.112] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.112] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf3768b28, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2bd0 [0053.177] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf3768b28, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.177] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce2bc00, ftCreationTime.dwHighDateTime=0x1cac6d5, ftLastAccessTime.dwLowDateTime=0xce2bc00, ftLastAccessTime.dwHighDateTime=0x1cac6d5, ftLastWriteTime.dwLowDateTime=0xce2bc00, ftLastWriteTime.dwHighDateTime=0x1cac6d5, nFileSizeHigh=0x0, nFileSizeLow=0x31444, dwReserved0=0x0, dwReserved1=0x0, cFileName="Parameterinfo.xml", cAlternateFileName="PARAME~1.XML")) returned 1 [0053.177] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x9882, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 1 [0053.177] FindNextFileW (in: hFindFile=0x4c2bd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x9882, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 0 [0053.177] FindClose (in: hFindFile=0x4c2bd0 | out: hFindFile=0x4c2bd0) returned 1 [0053.177] GetProcessHeap () returned 0x4b0000 [0053.177] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.177] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbc518d00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbc518d00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbc518d00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x3ef6, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="DHtmlHeader.html", cAlternateFileName="DHTMLH~1.HTM")) returned 1 [0053.178] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce333000, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xce333000, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xce333000, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x159d5, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="DisplayIcon.ico", cAlternateFileName="DISPLA~1.ICO")) returned 1 [0053.178] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf378ed8a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Extended", cAlternateFileName="")) returned 1 [0053.178] GetProcessHeap () returned 0x4b0000 [0053.178] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.178] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf378ed8a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2910 [0053.178] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf378ed8a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.178] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2a714f00, ftCreationTime.dwHighDateTime=0x1cac6f0, ftLastAccessTime.dwLowDateTime=0x2a714f00, ftLastAccessTime.dwHighDateTime=0x1cac6f0, ftLastWriteTime.dwLowDateTime=0x2a714f00, ftLastWriteTime.dwHighDateTime=0x1cac6f0, nFileSizeHigh=0x0, nFileSizeLow=0x16c82, dwReserved0=0x0, dwReserved1=0x0, cFileName="Parameterinfo.xml", cAlternateFileName="PARAME~1.XML")) returned 1 [0053.178] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x988a, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 1 [0053.179] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x988a, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 0 [0053.179] FindClose (in: hFindFile=0x4c2910 | out: hFindFile=0x4c2910) returned 1 [0053.179] GetProcessHeap () returned 0x4b0000 [0053.179] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.179] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf36f6419, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf371c69a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf371c69a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Graphics", cAlternateFileName="")) returned 1 [0053.179] GetProcessHeap () returned 0x4b0000 [0053.179] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55fc50 [0053.179] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf36f6419, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf371c69a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf371c69a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.181] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf36f6419, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf371c69a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf371c69a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.181] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Print.ico", cAlternateFileName="")) returned 1 [0053.181] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate1.ico", cAlternateFileName="")) returned 1 [0053.181] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate2.ico", cAlternateFileName="")) returned 1 [0053.181] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate3.ico", cAlternateFileName="")) returned 1 [0053.182] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate4.ico", cAlternateFileName="")) returned 1 [0053.182] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate5.ico", cAlternateFileName="")) returned 1 [0053.182] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate6.ico", cAlternateFileName="")) returned 1 [0053.182] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate7.ico", cAlternateFileName="")) returned 1 [0053.182] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate8.ico", cAlternateFileName="")) returned 1 [0053.182] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Save.ico", cAlternateFileName="")) returned 1 [0053.182] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x8f66, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.ico", cAlternateFileName="")) returned 1 [0053.182] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5b5e7f00, ftCreationTime.dwHighDateTime=0x1ca927c, ftLastAccessTime.dwLowDateTime=0x5b5e7f00, ftLastAccessTime.dwHighDateTime=0x1ca927c, ftLastWriteTime.dwLowDateTime=0x5b5e7f00, ftLastWriteTime.dwHighDateTime=0x1ca927c, nFileSizeHigh=0x0, nFileSizeLow=0x2796, dwReserved0=0x0, dwReserved1=0x0, cFileName="stop.ico", cAlternateFileName="")) returned 1 [0053.182] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SysReqMet.ico", cAlternateFileName="SYSREQ~1.ICO")) returned 1 [0053.182] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SysReqNotMet.ico", cAlternateFileName="SYSREQ~2.ICO")) returned 1 [0053.183] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x2796, dwReserved0=0x0, dwReserved1=0x0, cFileName="warn.ico", cAlternateFileName="")) returned 1 [0053.183] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x2796, dwReserved0=0x0, dwReserved1=0x0, cFileName="warn.ico", cAlternateFileName="")) returned 0 [0053.183] FindClose (in: hFindFile=0x4c2b90 | out: hFindFile=0x4c2b90) returned 1 [0053.183] GetProcessHeap () returned 0x4b0000 [0053.183] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55fc50 | out: hHeap=0x4b0000) returned 1 [0053.184] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x87910600, ftCreationTime.dwHighDateTime=0x1ca2a27, ftLastAccessTime.dwLowDateTime=0x87910600, ftLastAccessTime.dwHighDateTime=0x1ca2a27, ftLastWriteTime.dwLowDateTime=0x87910600, ftLastWriteTime.dwHighDateTime=0x1ca2a27, nFileSizeHigh=0x0, nFileSizeLow=0xe2c, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="header.bmp", cAlternateFileName="")) returned 1 [0053.184] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x66ea7e00, ftCreationTime.dwHighDateTime=0x1cac6e3, ftLastAccessTime.dwLowDateTime=0x66ea7e00, ftLastAccessTime.dwHighDateTime=0x1cac6e3, ftLastWriteTime.dwLowDateTime=0x66ea7e00, ftLastWriteTime.dwHighDateTime=0x1cac6e3, nFileSizeHigh=0x0, nFileSizeLow=0xad1384b, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="netfx_Core.mzz", cAlternateFileName="NETFX_~1.MZZ")) returned 1 [0053.184] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc183da00, ftCreationTime.dwHighDateTime=0x1cac6e3, ftLastAccessTime.dwLowDateTime=0xc183da00, ftLastAccessTime.dwHighDateTime=0x1cac6e3, ftLastWriteTime.dwLowDateTime=0xc183da00, ftLastWriteTime.dwHighDateTime=0x1cac6e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d0200, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="netfx_Core_x64.msi", cAlternateFileName="NETFX_~1.MSI")) returned 1 [0053.184] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4c130c00, ftCreationTime.dwHighDateTime=0x1cac6d9, ftLastAccessTime.dwLowDateTime=0x4c130c00, ftLastAccessTime.dwHighDateTime=0x1cac6d9, ftLastWriteTime.dwLowDateTime=0x4c130c00, ftLastWriteTime.dwHighDateTime=0x1cac6d9, nFileSizeHigh=0x0, nFileSizeLow=0x11c000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="netfx_Core_x86.msi", cAlternateFileName="NETFX_~2.MSI")) returned 1 [0053.184] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf74cd515, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf74cd515, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf7cd9415, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x29222c7, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="netfx_Extended.mzz", cAlternateFileName="NETFX_~2.MZZ")) returned 1 [0053.184] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2dbe0800, ftCreationTime.dwHighDateTime=0x1cac6fb, ftLastAccessTime.dwLowDateTime=0x2dbe0800, ftLastAccessTime.dwHighDateTime=0x1cac6fb, ftLastWriteTime.dwLowDateTime=0x2dbe0800, ftLastWriteTime.dwHighDateTime=0x1cac6fb, nFileSizeHigh=0x0, nFileSizeLow=0xd5000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="netfx_Extended_x64.msi", cAlternateFileName="NETFX_~3.MSI")) returned 1 [0053.184] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7626f700, ftCreationTime.dwHighDateTime=0x1cac6f6, ftLastAccessTime.dwLowDateTime=0x7626f700, ftLastAccessTime.dwHighDateTime=0x1cac6f6, ftLastWriteTime.dwLowDateTime=0x7626f700, ftLastWriteTime.dwHighDateTime=0x1cac6f6, nFileSizeHigh=0x0, nFileSizeLow=0x79000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="netfx_Extended_x86.msi", cAlternateFileName="NETFX_~4.MSI")) returned 1 [0053.185] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4a0f7400, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x4a0f7400, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x4a0f7400, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x426ae, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="ParameterInfo.xml", cAlternateFileName="PARAME~1.XML")) returned 1 [0053.185] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x19dedd00, ftCreationTime.dwHighDateTime=0x1ca2a1b, ftLastAccessTime.dwLowDateTime=0x19dedd00, ftLastAccessTime.dwHighDateTime=0x1ca2a1b, ftLastWriteTime.dwLowDateTime=0x19dedd00, ftLastWriteTime.dwHighDateTime=0x1ca2a1b, nFileSizeHigh=0x0, nFileSizeLow=0x2d200, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="RGB9RAST_x64.msi", cAlternateFileName="RGB9RA~1.MSI")) returned 1 [0053.185] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x177c8300, ftCreationTime.dwHighDateTime=0x1ca2a1b, ftLastAccessTime.dwLowDateTime=0x177c8300, ftLastAccessTime.dwHighDateTime=0x1ca2a1b, ftLastWriteTime.dwLowDateTime=0x177c8300, ftLastWriteTime.dwHighDateTime=0x1ca2a1b, nFileSizeHigh=0x0, nFileSizeLow=0x17200, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="RGB9Rast_x86.msi", cAlternateFileName="RGB9RA~2.MSI")) returned 1 [0053.185] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x13148, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Setup.exe", cAlternateFileName="")) returned 1 [0053.185] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0xc5158, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="SetupEngine.dll", cAlternateFileName="SETUPE~1.DLL")) returned 1 [0053.185] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x48150, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="SetupUi.dll", cAlternateFileName="")) returned 1 [0053.186] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5381000, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x5381000, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x5381000, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x75a8, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="SetupUi.xsd", cAlternateFileName="")) returned 1 [0053.186] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6519be00, ftCreationTime.dwHighDateTime=0x1cac6d5, ftLastAccessTime.dwLowDateTime=0x6519be00, ftLastAccessTime.dwHighDateTime=0x1cac6d5, ftLastWriteTime.dwLowDateTime=0x6519be00, ftLastWriteTime.dwHighDateTime=0x1cac6d5, nFileSizeHigh=0x0, nFileSizeLow=0x17758, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="SetupUtility.exe", cAlternateFileName="SETUPU~1.EXE")) returned 1 [0053.186] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce333000, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xce333000, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xce333000, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0xa078, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="SplashScreen.bmp", cAlternateFileName="SPLASH~1.BMP")) returned 1 [0053.186] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x143bc400, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0x143bc400, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0x143bc400, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x23420, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="sqmapi.dll", cAlternateFileName="")) returned 1 [0053.186] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce333000, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xce333000, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xce333000, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x3704, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Strings.xml", cAlternateFileName="")) returned 1 [0053.186] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x97f2, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="UiInfo.xml", cAlternateFileName="")) returned 1 [0053.186] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x87910600, ftCreationTime.dwHighDateTime=0x1ca2a27, ftLastAccessTime.dwLowDateTime=0x87910600, ftLastAccessTime.dwHighDateTime=0x1ca2a27, ftLastWriteTime.dwLowDateTime=0x87910600, ftLastWriteTime.dwHighDateTime=0x1ca2a27, nFileSizeHigh=0x0, nFileSizeLow=0x19688, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="watermark.bmp", cAlternateFileName="WATERM~1.BMP")) returned 1 [0053.186] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2120bc00, ftCreationTime.dwHighDateTime=0x1cac6c9, ftLastAccessTime.dwLowDateTime=0x2120bc00, ftLastAccessTime.dwHighDateTime=0x1cac6c9, ftLastWriteTime.dwLowDateTime=0x2120bc00, ftLastWriteTime.dwHighDateTime=0x1cac6c9, nFileSizeHigh=0x0, nFileSizeLow=0x4f5113, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Windows6.0-KB956250-v6001-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 1 [0053.186] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1bbe7400, ftCreationTime.dwHighDateTime=0x1cac6bf, ftLastAccessTime.dwLowDateTime=0x1bbe7400, ftLastAccessTime.dwHighDateTime=0x1cac6bf, ftLastWriteTime.dwLowDateTime=0x1bbe7400, ftLastWriteTime.dwHighDateTime=0x1cac6bf, nFileSizeHigh=0x0, nFileSizeLow=0x217520, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Windows6.0-KB956250-v6001-x86.msu", cAlternateFileName="WINDOW~2.MSU")) returned 1 [0053.187] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5b8e5700, ftCreationTime.dwHighDateTime=0x1cac6d1, ftLastAccessTime.dwLowDateTime=0x5b8e5700, ftLastAccessTime.dwHighDateTime=0x1cac6d1, ftLastWriteTime.dwLowDateTime=0x5b8e5700, ftLastWriteTime.dwHighDateTime=0x1cac6d1, nFileSizeHigh=0x0, nFileSizeLow=0x4db1ce, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Windows6.1-KB958488-v6001-x64.msu", cAlternateFileName="WINDOW~3.MSU")) returned 1 [0053.187] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0ac5d00, ftCreationTime.dwHighDateTime=0x1cac6ce, ftLastAccessTime.dwLowDateTime=0xd0ac5d00, ftLastAccessTime.dwHighDateTime=0x1cac6ce, ftLastWriteTime.dwLowDateTime=0xd0ac5d00, ftLastWriteTime.dwHighDateTime=0x1cac6ce, nFileSizeHigh=0x0, nFileSizeLow=0x20acf9, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Windows6.1-KB958488-v6001-x86.msu", cAlternateFileName="WINDOW~4.MSU")) returned 1 [0053.187] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0ac5d00, ftCreationTime.dwHighDateTime=0x1cac6ce, ftLastAccessTime.dwLowDateTime=0xd0ac5d00, ftLastAccessTime.dwHighDateTime=0x1cac6ce, ftLastWriteTime.dwLowDateTime=0xd0ac5d00, ftLastWriteTime.dwHighDateTime=0x1cac6ce, nFileSizeHigh=0x0, nFileSizeLow=0x20acf9, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Windows6.1-KB958488-v6001-x86.msu", cAlternateFileName="WINDOW~4.MSU")) returned 0 [0053.187] FindClose (in: hFindFile=0x4c2dd0 | out: hFindFile=0x4c2dd0) returned 1 [0053.187] GetProcessHeap () returned 0x4b0000 [0053.187] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x54fc48 | out: hHeap=0x4b0000) returned 1 [0053.188] FindNextFileW (in: hFindFile=0x4c2a10, lpFindFileData=0xe1fa90 | out: lpFindFileData=0xe1fa90*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6fa258, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6fa258, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4d0e7d, dwReserved1=0x75e90100, cFileName="Boot", cAlternateFileName="")) returned 1 [0053.188] GetProcessHeap () returned 0x4b0000 [0053.188] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x54ec40 [0053.188] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\*", lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef9d311c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef9d311c, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName=".", cAlternateFileName="")) returned 0x4c2910 [0053.189] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef9d311c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef9d311c, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="..", cAlternateFileName="")) returned 1 [0053.190] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc4c800b6, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xac3efa99, ftLastAccessTime.dwHighDateTime=0x1d4d5d3, ftLastWriteTime.dwLowDateTime=0xac3efa99, ftLastWriteTime.dwHighDateTime=0x1d4d5d3, nFileSizeHigh=0x0, nFileSizeLow=0xb000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="BCD", cAlternateFileName="")) returned 1 [0053.190] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc4c800b6, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4c800b6, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4c800b6, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0053.190] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc4c800b6, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4c800b6, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4c800b6, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0053.190] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc4c800b6, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4c800b6, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4c800b6, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0053.190] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47bb525, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc47bb525, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="bg-BG", cAlternateFileName="")) returned 1 [0053.191] GetProcessHeap () returned 0x4b0000 [0053.191] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.191] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\bg-BG\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47bb525, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc47bb525, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2990 [0053.191] FindNextFileW (in: hFindFile=0x4c2990, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47bb525, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc47bb525, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.191] FindNextFileW (in: hFindFile=0x4c2990, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc47bb525, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47bb525, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x210bba74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.191] FindNextFileW (in: hFindFile=0x4c2990, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc47bb525, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47bb525, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x210bba74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0053.191] FindClose (in: hFindFile=0x4c2990 | out: hFindFile=0x4c2990) returned 1 [0053.191] GetProcessHeap () returned 0x4b0000 [0053.191] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.192] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef4e6d79, ftCreationTime.dwHighDateTime=0x1d3273d, ftLastAccessTime.dwLowDateTime=0xef4e6d79, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2d79a60, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x175a0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="bootspaces.dll", cAlternateFileName="BOOTSP~1.DLL")) returned 1 [0053.192] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc498516b, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xef703e94, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0053.192] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc47bb525, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef4fcd12, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2d79a60, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x185a0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="bootvhd.dll", cAlternateFileName="")) returned 1 [0053.192] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47bb525, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef511a4c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef511a4c, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0053.192] GetProcessHeap () returned 0x4b0000 [0053.192] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.192] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47bb525, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef511a4c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef511a4c, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2990 [0053.194] GetProcessHeap () returned 0x4b0000 [0053.194] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.195] GetProcessHeap () returned 0x4b0000 [0053.195] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.195] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\da-DK\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47e189c, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0008dbb, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5252b3, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.196] GetProcessHeap () returned 0x4b0000 [0053.196] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.196] GetProcessHeap () returned 0x4b0000 [0053.196] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.196] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\de-DE\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48079da, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0009692, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef538bee, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.197] GetProcessHeap () returned 0x4b0000 [0053.197] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.197] GetProcessHeap () returned 0x4b0000 [0053.197] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.197] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\el-GR\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef555ff8, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef555ff8, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2990 [0053.198] GetProcessHeap () returned 0x4b0000 [0053.198] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.198] GetProcessHeap () returned 0x4b0000 [0053.198] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.199] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\en-GB\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc482dc87, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc482dc87, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2cd0 [0053.199] GetProcessHeap () returned 0x4b0000 [0053.199] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.200] GetProcessHeap () returned 0x4b0000 [0053.200] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.200] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\en-US\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef57d0f5, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef57d0f5, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2990 [0053.200] GetProcessHeap () returned 0x4b0000 [0053.200] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.200] GetProcessHeap () returned 0x4b0000 [0053.201] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.201] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\es-ES\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa000b9ad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef586d37, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2990 [0053.204] GetProcessHeap () returned 0x4b0000 [0053.204] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.204] GetProcessHeap () returned 0x4b0000 [0053.204] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.204] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\es-MX\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa000c12e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc4853f40, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.205] GetProcessHeap () returned 0x4b0000 [0053.205] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.205] GetProcessHeap () returned 0x4b0000 [0053.205] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.206] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\et-EE\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc487a0b9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc487a0b9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2990 [0053.206] GetProcessHeap () returned 0x4b0000 [0053.206] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.206] GetProcessHeap () returned 0x4b0000 [0053.206] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.207] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fi-FI\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa000cf3a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef59a5b1, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2990 [0053.207] GetProcessHeap () returned 0x4b0000 [0053.207] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.208] GetProcessHeap () returned 0x4b0000 [0053.208] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.208] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Fonts\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc49ab3c7, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0109451, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef999ae4, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2990 [0053.211] GetProcessHeap () returned 0x4b0000 [0053.211] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.211] GetProcessHeap () returned 0x4b0000 [0053.211] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.211] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fr-CA\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48a0490, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2990 [0053.212] GetProcessHeap () returned 0x4b0000 [0053.212] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.212] GetProcessHeap () returned 0x4b0000 [0053.212] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.213] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fr-FR\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010bc12, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5ade2b, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2990 [0053.213] GetProcessHeap () returned 0x4b0000 [0053.213] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.213] GetProcessHeap () returned 0x4b0000 [0053.213] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.214] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\hr-HR\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48a0490, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.866] GetProcessHeap () returned 0x4b0000 [0053.866] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.866] GetProcessHeap () returned 0x4b0000 [0053.875] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.875] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\hu-HU\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010c5ad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5c171b, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2dd0 [0053.886] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010c5ad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5c171b, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.886] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2123921c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13360, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.896] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5c171b, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf39d81d8, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb398, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.904] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5c171b, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf39d81d8, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb398, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.904] FindClose (in: hFindFile=0x4c2dd0 | out: hFindFile=0x4c2dd0) returned 1 [0053.905] GetProcessHeap () returned 0x4b0000 [0053.905] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.905] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010ccad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5d8ab4, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="it-IT", cAlternateFileName="")) returned 1 [0053.905] GetProcessHeap () returned 0x4b0000 [0053.905] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.906] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\it-IT\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010ccad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5d8ab4, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.906] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010ccad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5d8ab4, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.906] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2123921c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.907] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5d8ab4, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf30285aa, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.907] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5d8ab4, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf30285aa, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.907] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.907] GetProcessHeap () returned 0x4b0000 [0053.907] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.907] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010d0c0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5ed6c6, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0053.907] GetProcessHeap () returned 0x4b0000 [0053.907] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.907] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ja-JP\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010d0c0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5ed6c6, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.907] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010d0c0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5ed6c6, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.907] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48c6596, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21212f9a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10760, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.907] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5ed6c6, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf300233f, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xa798, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.907] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5ed6c6, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf300233f, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xa798, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.907] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.907] GetProcessHeap () returned 0x4b0000 [0053.908] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.908] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5fc210, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef5fc210, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0053.908] GetProcessHeap () returned 0x4b0000 [0053.908] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.908] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ko-KR\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5fc210, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef5fc210, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.908] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5fc210, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef5fc210, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.908] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x211c6af1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10560, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.908] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5fc210, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2fdc0d7, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xa7a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.908] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5fc210, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2fdc0d7, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xa7a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.908] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.908] GetProcessHeap () returned 0x4b0000 [0053.908] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.908] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48ec805, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="lt-LT", cAlternateFileName="")) returned 1 [0053.908] GetProcessHeap () returned 0x4b0000 [0053.908] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.908] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\lt-LT\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48ec805, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.909] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48ec805, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.909] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2117a634, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12760, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.909] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2117a634, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12760, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0053.909] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.909] GetProcessHeap () returned 0x4b0000 [0053.910] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.910] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48ec805, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="lv-LV", cAlternateFileName="")) returned 1 [0053.910] GetProcessHeap () returned 0x4b0000 [0053.910] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.910] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\lv-LV\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48ec805, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.910] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48ec805, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.910] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2117a634, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12758, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.910] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2117a634, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12758, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0053.910] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.910] GetProcessHeap () returned 0x4b0000 [0053.910] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.910] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6196d8, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xfbcf473f, ftLastWriteTime.dwHighDateTime=0x1d2fa06, nFileSizeHigh=0x0, nFileSizeLow=0xc63a0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0053.910] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010e138, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef62cf52, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0053.910] GetProcessHeap () returned 0x4b0000 [0053.910] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.910] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nb-NO\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010e138, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef62cf52, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c90 [0053.910] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010e138, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef62cf52, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.910] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4912aed, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x211543da, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12760, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.911] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef62cf52, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2fb5e6c, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.911] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef62cf52, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2fb5e6c, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.911] FindClose (in: hFindFile=0x4c2c90 | out: hFindFile=0x4c2c90) returned 1 [0053.911] GetProcessHeap () returned 0x4b0000 [0053.911] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.911] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010e4fa, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6407cf, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0053.911] GetProcessHeap () returned 0x4b0000 [0053.911] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.911] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nl-NL\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010e4fa, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6407cf, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2dd0 [0053.911] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010e4fa, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6407cf, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.911] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4912aed, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x211543da, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13160, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.911] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6407cf, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2fb5e6c, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.911] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6407cf, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2fb5e6c, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.912] FindClose (in: hFindFile=0x4c2dd0 | out: hFindFile=0x4c2dd0) returned 1 [0053.912] GetProcessHeap () returned 0x4b0000 [0053.912] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.912] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef65403a, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef65403a, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0053.912] GetProcessHeap () returned 0x4b0000 [0053.912] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.912] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pl-PL\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef65403a, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef65403a, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.912] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef65403a, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef65403a, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.912] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4912aed, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2112e17f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.912] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef65403a, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f8fc0d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.912] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef65403a, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f8fc0d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.912] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.912] GetProcessHeap () returned 0x4b0000 [0053.912] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.912] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6678d6, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6678d6, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0053.913] GetProcessHeap () returned 0x4b0000 [0053.913] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.913] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-BR\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6678d6, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6678d6, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.913] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6678d6, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6678d6, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.913] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4912aed, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2112e17f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.913] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef65dc94, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f8fc0d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.913] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef65dc94, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f8fc0d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.913] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.913] GetProcessHeap () returned 0x4b0000 [0053.913] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.913] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010f167, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6714dc, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0053.913] GetProcessHeap () returned 0x4b0000 [0053.913] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.913] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-PT\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010f167, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6714dc, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.914] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010f167, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6714dc, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.914] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2112e17f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.914] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6714dc, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f8fc0d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.914] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6714dc, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f8fc0d, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.914] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.914] GetProcessHeap () returned 0x4b0000 [0053.914] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.914] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010f640, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef684d85, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="qps-ploc", cAlternateFileName="")) returned 1 [0053.914] GetProcessHeap () returned 0x4b0000 [0053.914] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.914] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\qps-ploc\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010f640, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef684d85, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.914] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010f640, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef684d85, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.914] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12160, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.914] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef684d85, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xfbd1a998, ftLastWriteTime.dwHighDateTime=0x1d2fa06, nFileSizeHigh=0x0, nFileSizeLow=0xd398, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.915] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef684d85, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xfbd1a998, ftLastWriteTime.dwHighDateTime=0x1d2fa06, nFileSizeHigh=0x0, nFileSizeLow=0xd398, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.915] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.915] GetProcessHeap () returned 0x4b0000 [0053.915] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.915] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01ab61e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef9abff9, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Resources", cAlternateFileName="RESOUR~1")) returned 1 [0053.915] GetProcessHeap () returned 0x4b0000 [0053.915] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.915] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Resources\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01ab61e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef9abff9, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.915] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01ab61e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef9abff9, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.915] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef9abff9, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef597530, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x169a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootres.dll", cAlternateFileName="")) returned 1 [0053.915] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01ac01e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef9baa67, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0053.915] GetProcessHeap () returned 0x4b0000 [0053.915] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf60c0 [0053.916] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Resources\\en-US\\*", lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01ac01e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef9baa67, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c90 [0053.916] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01ac01e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef9baa67, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.916] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef9baa67, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0x31acad58, ftLastWriteTime.dwHighDateTime=0x1d2a030, nFileSizeHigh=0x0, nFileSizeLow=0x2fa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootres.dll.mui", cAlternateFileName="BOOTRE~1.MUI")) returned 1 [0053.916] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef9baa67, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0x31acad58, ftLastWriteTime.dwHighDateTime=0x1d2a030, nFileSizeHigh=0x0, nFileSizeLow=0x2fa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootres.dll.mui", cAlternateFileName="BOOTRE~1.MUI")) returned 0 [0053.916] FindClose (in: hFindFile=0x4c2c90 | out: hFindFile=0x4c2c90) returned 1 [0053.916] GetProcessHeap () returned 0x4b0000 [0053.916] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf60c0 | out: hHeap=0x4b0000) returned 1 [0053.916] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01ac01e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef9baa67, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0053.916] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.916] GetProcessHeap () returned 0x4b0000 [0053.916] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.917] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4938cb0, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="ro-RO", cAlternateFileName="")) returned 1 [0053.917] GetProcessHeap () returned 0x4b0000 [0053.917] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.917] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ro-RO\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4938cb0, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2dd0 [0053.917] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4938cb0, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.918] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12960, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.918] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12960, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0053.918] FindClose (in: hFindFile=0x4c2dd0 | out: hFindFile=0x4c2dd0) returned 1 [0053.918] GetProcessHeap () returned 0x4b0000 [0053.918] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.918] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef698608, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef698608, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0053.918] GetProcessHeap () returned 0x4b0000 [0053.918] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.918] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ru-RU\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef698608, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef698608, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.918] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef698608, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef698608, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.918] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.919] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef698608, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f699a6, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xafa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.919] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef698608, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f699a6, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xafa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.919] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.919] GetProcessHeap () returned 0x4b0000 [0053.919] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.919] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4938cb0, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="sk-SK", cAlternateFileName="")) returned 1 [0053.919] GetProcessHeap () returned 0x4b0000 [0053.919] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.919] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sk-SK\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4938cb0, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.919] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4938cb0, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.919] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.919] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0053.919] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.919] GetProcessHeap () returned 0x4b0000 [0053.919] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.919] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="sl-SI", cAlternateFileName="")) returned 1 [0053.919] GetProcessHeap () returned 0x4b0000 [0053.919] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.920] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sl-SI\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.920] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.920] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.920] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0053.920] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.920] GetProcessHeap () returned 0x4b0000 [0053.920] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.920] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0x5168548b, ftLastAccessTime.dwHighDateTime=0x1d3271b, ftLastWriteTime.dwLowDateTime=0x5168548b, ftLastWriteTime.dwHighDateTime=0x1d3271b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="sr-Latn-CS", cAlternateFileName="SR-LAT~1")) returned 1 [0053.920] GetProcessHeap () returned 0x4b0000 [0053.920] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.920] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sr-Latn-CS\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0x5168548b, ftLastAccessTime.dwHighDateTime=0x1d3271b, ftLastWriteTime.dwLowDateTime=0x5168548b, ftLastWriteTime.dwHighDateTime=0x1d3271b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.920] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0x5168548b, ftLastAccessTime.dwHighDateTime=0x1d3271b, ftLastWriteTime.dwLowDateTime=0x5168548b, ftLastWriteTime.dwHighDateTime=0x1d3271b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.920] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21212f9a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.920] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0x5168548b, ftLastAccessTime.dwHighDateTime=0x1d3271b, ftLastWriteTime.dwLowDateTime=0xe318f070, ftLastWriteTime.dwHighDateTime=0x1d112e1, nFileSizeHigh=0x0, nFileSizeLow=0xaf58, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.920] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0x5168548b, ftLastAccessTime.dwHighDateTime=0x1d3271b, ftLastWriteTime.dwLowDateTime=0xe318f070, ftLastWriteTime.dwHighDateTime=0x1d112e1, nFileSizeHigh=0x0, nFileSizeLow=0xaf58, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.920] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.921] GetProcessHeap () returned 0x4b0000 [0053.921] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.921] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="sr-Latn-RS", cAlternateFileName="SR-LAT~2")) returned 1 [0053.921] GetProcessHeap () returned 0x4b0000 [0053.921] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.921] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sr-Latn-RS\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.921] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.921] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21212f9a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.921] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21212f9a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0053.921] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.921] GetProcessHeap () returned 0x4b0000 [0053.921] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.921] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01adf43, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6a2250, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0053.921] GetProcessHeap () returned 0x4b0000 [0053.921] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.921] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sv-SE\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01adf43, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6a2250, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2dd0 [0053.921] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01adf43, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6a2250, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.921] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x21107f25, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12960, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.921] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6a2250, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f699a6, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xaf98, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.922] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6a2250, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f699a6, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xaf98, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.922] FindClose (in: hFindFile=0x4c2dd0 | out: hFindFile=0x4c2dd0) returned 1 [0053.922] GetProcessHeap () returned 0x4b0000 [0053.922] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.922] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0206504, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6b5aca, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0053.922] GetProcessHeap () returned 0x4b0000 [0053.922] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.922] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\tr-TR\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0206504, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6b5aca, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.922] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0206504, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6b5aca, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.922] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x210e1cce, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12558, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.922] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6b5aca, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f4373a, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.922] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6b5aca, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2f4373a, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.922] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.922] GetProcessHeap () returned 0x4b0000 [0053.922] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.922] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0206a30, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="uk-UA", cAlternateFileName="")) returned 1 [0053.922] GetProcessHeap () returned 0x4b0000 [0053.922] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.923] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\uk-UA\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0206a30, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.923] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0206a30, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.923] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x210e1cce, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.923] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x210e1cce, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0053.923] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.923] GetProcessHeap () returned 0x4b0000 [0053.923] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.923] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef6c9427, ftCreationTime.dwHighDateTime=0x1d3273d, ftLastAccessTime.dwLowDateTime=0xef6c9427, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2d79a60, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x1236, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="updaterevokesipolicy.p7b", cAlternateFileName="UPDATE~1.P7B")) returned 1 [0053.923] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0207100, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6d7e9a, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0053.923] GetProcessHeap () returned 0x4b0000 [0053.923] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.923] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-CN\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0207100, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6d7e9a, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.923] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0207100, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6d7e9a, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.923] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc498516b, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2123921c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf960, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.923] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6d7e9a, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf39fe447, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xa5a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.924] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6d7e9a, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf39fe447, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xa5a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.924] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.924] GetProcessHeap () returned 0x4b0000 [0053.924] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.924] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0207675, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x518ea25e, ftLastWriteTime.dwHighDateTime=0x1d3271b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0053.924] GetProcessHeap () returned 0x4b0000 [0053.924] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.924] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-HK\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0207675, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x518ea25e, ftLastWriteTime.dwHighDateTime=0x1d3271b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2dd0 [0053.924] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0207675, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x518ea25e, ftLastWriteTime.dwHighDateTime=0x1d3271b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.924] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc498516b, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2123921c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf958, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.924] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0x518ea25e, ftLastAccessTime.dwHighDateTime=0x1d3271b, ftLastWriteTime.dwLowDateTime=0xe31db522, ftLastWriteTime.dwHighDateTime=0x1d112e1, nFileSizeHigh=0x0, nFileSizeLow=0xa558, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.924] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0x518ea25e, ftLastAccessTime.dwHighDateTime=0x1d3271b, ftLastWriteTime.dwLowDateTime=0xe31db522, ftLastWriteTime.dwHighDateTime=0x1d112e1, nFileSizeHigh=0x0, nFileSizeLow=0xa558, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.924] FindClose (in: hFindFile=0x4c2dd0 | out: hFindFile=0x4c2dd0) returned 1 [0053.924] GetProcessHeap () returned 0x4b0000 [0053.924] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.924] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6e6901, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6e6901, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0053.924] GetProcessHeap () returned 0x4b0000 [0053.924] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0053.925] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-TW\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6e6901, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6e6901, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.925] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6e6901, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6e6901, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.925] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc498516b, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x2123921c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf960, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.925] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6e6901, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf39fe447, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xa598, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0053.925] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6e6901, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf39fe447, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0xa598, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0053.925] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.925] GetProcessHeap () returned 0x4b0000 [0053.925] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0053.925] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6e6901, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6e6901, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0053.925] FindClose (in: hFindFile=0x4c2910 | out: hFindFile=0x4c2910) returned 1 [0053.925] GetProcessHeap () returned 0x4b0000 [0053.925] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x54ec40 | out: hHeap=0x4b0000) returned 1 [0053.926] FindNextFileW (in: hFindFile=0x4c2a10, lpFindFileData=0xe1fa90 | out: lpFindFileData=0xe1fa90*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xe47a48a8, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0xef6fa258, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xfb90936b, ftLastWriteTime.dwHighDateTime=0x1d2fa06, nFileSizeHigh=0x0, nFileSizeLow=0x607da, dwReserved0=0x4d0e7d, dwReserved1=0x75e90100, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0053.926] FindNextFileW (in: hFindFile=0x4c2a10, lpFindFileData=0xe1fa90 | out: lpFindFileData=0xe1fa90*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xe5533ee0, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0xef9d0a0c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2d79a60, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x1, dwReserved0=0x4d0e7d, dwReserved1=0x75e90100, cFileName="BOOTNXT", cAlternateFileName="")) returned 1 [0053.926] FindNextFileW (in: hFindFile=0x4c2a10, lpFindFileData=0xe1fa90 | out: lpFindFileData=0xe1fa90*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xc4ee267e, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4ee267e, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xf1c63cdd, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x4d0e7d, dwReserved1=0x75e90100, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0053.926] FindNextFileW (in: hFindFile=0x4c2a10, lpFindFileData=0xe1fa90 | out: lpFindFileData=0xe1fa90*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0xe99f01ae, ftCreationTime.dwHighDateTime=0x1d32708, ftLastAccessTime.dwLowDateTime=0xe99f01ae, ftLastAccessTime.dwHighDateTime=0x1d32708, ftLastWriteTime.dwLowDateTime=0xe99f01ae, ftLastWriteTime.dwHighDateTime=0x1d32708, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x75e90100, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0053.926] FindNextFileW (in: hFindFile=0x4c2a10, lpFindFileData=0xe1fa90 | out: lpFindFileData=0xe1fa90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c2b2eaf, ftCreationTime.dwHighDateTime=0x1d32718, ftLastAccessTime.dwLowDateTime=0xc1969407, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc1969407, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x75e90100, cFileName="ESD", cAlternateFileName="")) returned 1 [0053.926] GetProcessHeap () returned 0x4b0000 [0053.926] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf50b8 [0053.927] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ESD\\*", lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c2b2eaf, ftCreationTime.dwHighDateTime=0x1d32718, ftLastAccessTime.dwLowDateTime=0xc1969407, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc1969407, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName=".", cAlternateFileName="")) returned 0x4c2910 [0053.927] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c2b2eaf, ftCreationTime.dwHighDateTime=0x1d32718, ftLastAccessTime.dwLowDateTime=0xc1969407, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc1969407, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="..", cAlternateFileName="")) returned 1 [0053.927] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c2b2eaf, ftCreationTime.dwHighDateTime=0x1d32718, ftLastAccessTime.dwLowDateTime=0xc1969407, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc1969407, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="..", cAlternateFileName="")) returned 0 [0053.927] FindClose (in: hFindFile=0x4c2910 | out: hFindFile=0x4c2910) returned 1 [0053.927] GetProcessHeap () returned 0x4b0000 [0053.927] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf50b8 | out: hHeap=0x4b0000) returned 1 [0053.927] FindNextFileW (in: hFindFile=0x4c2a10, lpFindFileData=0xe1fa90 | out: lpFindFileData=0xe1fa90*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x7ef2dddf, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x7ef2dddf, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x3d7ebe9, ftLastWriteTime.dwHighDateTime=0x1d4d600, nFileSizeHigh=0x0, nFileSizeLow=0x332fe000, dwReserved0=0xa0000003, dwReserved1=0x75e90100, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0053.927] FindNextFileW (in: hFindFile=0x4c2a10, lpFindFileData=0xe1fa90 | out: lpFindFileData=0xe1fa90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdf1d773, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa03727f1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xfd9ec80, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x75e90100, cFileName="Logs", cAlternateFileName="")) returned 1 [0053.927] GetProcessHeap () returned 0x4b0000 [0053.927] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf50b8 [0053.927] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Logs\\*", lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdf1d773, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa03727f1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xfd9ec80, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName=".", cAlternateFileName="")) returned 0x4c2910 [0053.928] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdf1d773, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa03727f1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xfd9ec80, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="..", cAlternateFileName="")) returned 1 [0053.929] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5052fa31, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x5052fa31, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Application.evtx", cAlternateFileName="APPLIC~1.EVT")) returned 1 [0053.929] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x505ee5f0, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x505ee5f0, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="HardwareEvents.evtx", cAlternateFileName="HARDWA~1.EVT")) returned 1 [0053.929] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x505a2134, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x505a2134, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Internet Explorer.evtx", cAlternateFileName="INTERN~1.EVT")) returned 1 [0053.929] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5057bed8, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x5057bed8, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Key Management Service.evtx", cAlternateFileName="KEYMAN~1.EVT")) returned 1 [0053.929] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc1dbd7c, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcc1dbd7c, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Client-Licensing-Platform%4Admin.evtx", cAlternateFileName="MICROS~1.EVT")) returned 1 [0053.929] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca5d836e, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xca5d836e, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx", cAlternateFileName="MICROS~2.EVT")) returned 1 [0053.929] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9206ac5, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xc9206ac5, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xf9c0f529, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x101000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx", cAlternateFileName="MICROS~3.EVT")) returned 1 [0053.929] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4143825, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd4143825, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-AppLocker%4EXE and DLL.evtx", cAlternateFileName="MICROS~4.EVT")) returned 1 [0053.930] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4169a7a, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd4169a7a, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-AppLocker%4MSI and Script.evtx", cAlternateFileName="MI2EEA~1.EVT")) returned 1 [0053.930] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd418fcc3, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd418fcc3, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx", cAlternateFileName="MI07E1~1.EVT")) returned 1 [0053.930] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd418fcc3, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd418fcc3, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx", cAlternateFileName="MI8196~1.EVT")) returned 1 [0053.930] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd41b5f2d, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd41b5f2d, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-AppModel-Runtime%4Admin.evtx", cAlternateFileName="MIE36C~1.EVT")) returned 1 [0053.930] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd389efbd, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd389efbd, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-AppReadiness%4Admin.evtx", cAlternateFileName="MIC5CB~1.EVT")) returned 1 [0053.930] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd38c5212, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd38c5212, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x111000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-AppReadiness%4Operational.evtx", cAlternateFileName="MIF8AA~1.EVT")) returned 1 [0053.930] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4143825, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd4143825, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-AppXDeployment%4Operational.evtx", cAlternateFileName="MI34FE~1.EVT")) returned 1 [0053.930] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5af3554f, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x5af3554f, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x211000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-AppXDeploymentServer%4Operational.evtx", cAlternateFileName="MIA24C~1.EVT")) returned 1 [0053.930] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5af3554f, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x5af3554f, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx", cAlternateFileName="MIDBEC~1.EVT")) returned 1 [0053.931] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85798667, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x85798667, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-AppxPackaging%4Operational.evtx", cAlternateFileName="MI54F1~1.EVT")) returned 1 [0053.931] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd74d25ab, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd74d25ab, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx", cAlternateFileName="MI111F~1.EVT")) returned 1 [0053.931] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1f96ca4, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xe1f96ca4, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Bits-Client%4Operational.evtx", cAlternateFileName="MI9465~1.EVT")) returned 1 [0053.931] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8783aa15, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x8783aa15, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-CodeIntegrity%4Operational.evtx", cAlternateFileName="MI03A7~1.EVT")) returned 1 [0053.931] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c3c71c5, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x8c3c71c5, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx", cAlternateFileName="MI5CA2~1.EVT")) returned 1 [0053.931] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc9231, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x50cc9231, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx", cAlternateFileName="MI5FD1~1.EVT")) returned 1 [0053.932] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50ca2fbd, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x50ca2fbd, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Crypto-DPAPI%4Operational.evtx", cAlternateFileName="MI8BDF~1.EVT")) returned 1 [0053.932] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c3ed420, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x8c3ed420, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x101000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx", cAlternateFileName="MIAEBD~1.EVT")) returned 1 [0053.932] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cef47f, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x50cef47f, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-DeviceSetupManager%4Admin.evtx", cAlternateFileName="MIA726~1.EVT")) returned 1 [0053.932] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc9231, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x50cc9231, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-DeviceSetupManager%4Operational.evtx", cAlternateFileName="MI08CB~1.EVT")) returned 1 [0053.932] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc967f17e, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xc967f17e, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Dhcp-Client%4Admin.evtx", cAlternateFileName="MI8270~1.EVT")) returned 1 [0053.932] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc96cb64b, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xc96cb64b, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Dhcpv6-Client%4Admin.evtx", cAlternateFileName="MIEBFF~1.EVT")) returned 1 [0053.932] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca64aa7b, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xca64aa7b, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Diagnosis-DPS%4Operational.evtx", cAlternateFileName="MI9F85~1.EVT")) returned 1 [0053.932] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd9ec80, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xfd9ec80, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Diagnostics-Performance%4Operational.evtx", cAlternateFileName="MIBE3D~1.EVT")) returned 1 [0053.932] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9658ef3, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xc9658ef3, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-GroupPolicy%4Operational.evtx", cAlternateFileName="MIE38D~1.EVT")) returned 1 [0053.932] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9dcc480, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xc9dcc480, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-HotspotAuth%4Operational.evtx", cAlternateFileName="MIE386~1.EVT")) returned 1 [0053.933] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50b4bacf, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x50b4bacf, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx", cAlternateFileName="MI6B25~1.EVT")) returned 1 [0053.933] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb66288f, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcb66288f, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-International%4Operational.evtx", cAlternateFileName="MI854A~1.EVT")) returned 1 [0053.933] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x506ad1ac, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x506ad1ac, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Kernel-Boot%4Operational.evtx", cAlternateFileName="MI32CE~1.EVT")) returned 1 [0053.933] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50ca2fbd, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x50ca2fbd, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Kernel-EventTracing%4Admin.evtx", cAlternateFileName="MIA934~1.EVT")) returned 1 [0053.933] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5071f8b0, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x5071f8b0, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x101000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Kernel-PnP%4Configuration.evtx", cAlternateFileName="MIB32D~1.EVT")) returned 1 [0053.933] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8ebf6d7, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xc8ebf6d7, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx", cAlternateFileName="MICA77~1.EVT")) returned 1 [0053.933] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5090f75d, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x5090f75d, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx", cAlternateFileName="MI1E8D~1.EVT")) returned 1 [0053.933] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd75102f, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcd75102f, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx", cAlternateFileName="MID067~1.EVT")) returned 1 [0053.934] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50be4414, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x50be4414, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Kernel-WHEA%4Errors.evtx", cAlternateFileName="MIDE4D~1.EVT")) returned 1 [0053.934] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50be4414, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x50be4414, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Kernel-WHEA%4Operational.evtx", cAlternateFileName="MI36C5~1.EVT")) returned 1 [0053.934] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59547c37, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x59547c37, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Known Folders API Service.evtx", cAlternateFileName="MI86D6~1.EVT")) returned 1 [0053.934] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcbb7386e, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcbb7386e, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-LiveId%4Operational.evtx", cAlternateFileName="MI4C58~1.EVT")) returned 1 [0053.934] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc93d06f0, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xc93d06f0, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1df92a8, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-MUI%4Admin.evtx", cAlternateFileName="MI30D3~1.EVT")) returned 1 [0053.934] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc93aa49b, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xc93aa49b, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-MUI%4Operational.evtx", cAlternateFileName="MI6F01~1.EVT")) returned 1 [0053.934] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9d33b19, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xc9d33b19, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dd3053, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-NCSI%4Operational.evtx", cAlternateFileName="MI483C~1.EVT")) returned 1 [0053.934] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcbcf0ff2, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcbcf0ff2, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dd3053, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-NetworkProfile%4Operational.evtx", cAlternateFileName="MIFC66~1.EVT")) returned 1 [0053.935] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50ab3154, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x50ab3154, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Ntfs%4Operational.evtx", cAlternateFileName="MI6E98~1.EVT")) returned 1 [0053.935] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50ad9393, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x50ad9393, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Ntfs%4WHC.evtx", cAlternateFileName="MIB2AC~1.EVT")) returned 1 [0053.935] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca5fe5cb, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xca5fe5cb, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dd3053, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx", cAlternateFileName="MI6AFE~1.EVT")) returned 1 [0053.935] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe24cdef0, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xe24cdef0, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dd3053, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-ReadyBoost%4Operational.evtx", cAlternateFileName="MIB9D2~1.EVT")) returned 1 [0053.935] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd125335f, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd125335f, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx", cAlternateFileName="MI7A67~1.EVT")) returned 1 [0053.935] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1fe2941, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd1fe2941, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x101000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-SettingSync%4Debug.evtx", cAlternateFileName="MI3773~1.EVT")) returned 1 [0053.935] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1fe2941, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd1fe2941, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dd3053, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-SettingSync%4Operational.evtx", cAlternateFileName="MI36AA~1.EVT")) returned 1 [0053.935] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3852b12, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd3852b12, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dd3053, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Shell-Core%4ActionCenter.evtx", cAlternateFileName="MI2E2E~1.EVT")) returned 1 [0053.935] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3852b12, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd3852b12, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Shell-Core%4Operational.evtx", cAlternateFileName="MI1C6C~1.EVT")) returned 1 [0053.936] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc97d66c8, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xc97d66c8, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-SmbClient%4Connectivity.evtx", cAlternateFileName="MI00FB~1.EVT")) returned 1 [0053.936] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc97b042f, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xc97b042f, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dd3053, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-SMBClient%4Operational.evtx", cAlternateFileName="MID8B0~1.EVT")) returned 1 [0053.936] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc97d66c8, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xc97d66c8, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dd3053, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-SmbClient%4Security.evtx", cAlternateFileName="MI8CEE~1.EVT")) returned 1 [0053.936] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb1ea1c9, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcb1ea1c9, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dd3053, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-SMBServer%4Audit.evtx", cAlternateFileName="MIE3AD~1.EVT")) returned 1 [0053.936] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb19dd19, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcb19dd19, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dd3053, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-SMBServer%4Connectivity.evtx", cAlternateFileName="MI8248~1.EVT")) returned 1 [0053.936] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb151873, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcb151873, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-SMBServer%4Operational.evtx", cAlternateFileName="MI4B6B~1.EVT")) returned 1 [0053.937] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb177aca, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcb177aca, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dd3053, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-SMBServer%4Security.evtx", cAlternateFileName="MI7709~1.EVT")) returned 1 [0053.937] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd751ea61, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd751ea61, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dd3053, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Store%4Operational.evtx", cAlternateFileName="MICEDD~1.EVT")) returned 1 [0053.937] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd0763ff, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcd0763ff, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-TaskScheduler%4Maintenance.evtx", cAlternateFileName="MIE2F0~1.EVT")) returned 1 [0053.937] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5089d037, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x5089d037, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx", cAlternateFileName="MIAB1D~1.EVT")) returned 1 [0053.937] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x508c32a6, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x508c32a6, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx", cAlternateFileName="MI62D3~1.EVT")) returned 1 [0053.937] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc14341c, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcc14341c, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dace07, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx", cAlternateFileName="MIEC03~1.EVT")) returned 1 [0053.937] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc1b5b23, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcc1b5b23, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx", cAlternateFileName="MI1F5D~1.EVT")) returned 1 [0053.937] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd74ac348, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd74ac348, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dace07, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-TWinUI%4Operational.evtx", cAlternateFileName="MIA925~1.EVT")) returned 1 [0053.937] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50aff605, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x50aff605, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-User Profile Service%4Operational.evtx", cAlternateFileName="MI4D4C~1.EVT")) returned 1 [0053.938] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50981e6e, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x50981e6e, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-UserPnp%4ActionCenter.evtx", cAlternateFileName="MI5FF0~1.EVT")) returned 1 [0053.938] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5095bc04, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x5095bc04, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-UserPnp%4DeviceInstall.evtx", cAlternateFileName="MIBD88~1.EVT")) returned 1 [0053.938] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50b97f64, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x50b97f64, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx", cAlternateFileName="MICC17~1.EVT")) returned 1 [0053.938] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc986efe1, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xc986efe1, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Wcmsvc%4Operational.evtx", cAlternateFileName="MI72BF~1.EVT")) returned 1 [0053.938] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb426548, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcb426548, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dace07, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Windows Defender%4Operational.evtx", cAlternateFileName="MI7501~1.EVT")) returned 1 [0053.938] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb4729e7, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcb4729e7, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Windows Defender%4WHC.evtx", cAlternateFileName="MIF226~1.EVT")) returned 1 [0053.938] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4b19353, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd4b19353, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dace07, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx", cAlternateFileName="MIDCC7~1.EVT")) returned 1 [0053.938] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c9b1b6, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xc9c9b1b6, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dace07, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x101000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx", cAlternateFileName="MI7771~1.EVT")) returned 1 [0053.939] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9df26e9, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xc9df26e9, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1dace07, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx", cAlternateFileName="MI4667~1.EVT")) returned 1 [0053.939] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd122d184, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd122d184, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1d86ba0, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-Winlogon%4Operational.evtx", cAlternateFileName="MID6AB~1.EVT")) returned 1 [0053.939] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf164b9b, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcf164b9b, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1d86ba0, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x101000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Microsoft-Windows-WMI-Activity%4Operational.evtx", cAlternateFileName="MIFF83~1.EVT")) returned 1 [0053.939] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50555c8d, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x50555c8d, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xf9a458f4, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x111000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Security.evtx", cAlternateFileName="SECURI~1.EVT")) returned 1 [0053.939] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95a6db2c, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x95a6db2c, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xa1d86ba0, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Setup.evtx", cAlternateFileName="SETUP~1.EVT")) returned 1 [0053.939] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x505097c4, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x505097c4, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd96d7ac9, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x111000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="System.evtx", cAlternateFileName="SYSTEM~1.EVT")) returned 1 [0053.939] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50555c8d, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x50555c8d, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Windows PowerShell.evtx", cAlternateFileName="WINDOW~1.EVT")) returned 1 [0053.939] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50555c8d, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0x50555c8d, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x95ae023d, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Windows PowerShell.evtx", cAlternateFileName="WINDOW~1.EVT")) returned 0 [0053.939] FindClose (in: hFindFile=0x4c2910 | out: hFindFile=0x4c2910) returned 1 [0054.710] GetProcessHeap () returned 0x4b0000 [0054.710] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf50b8 | out: hHeap=0x4b0000) returned 1 [0054.710] FindNextFileW (in: hFindFile=0x4c2a10, lpFindFileData=0xe1fa90 | out: lpFindFileData=0xe1fa90*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6e97b025, ftCreationTime.dwHighDateTime=0x1d3275c, ftLastAccessTime.dwLowDateTime=0x6e97b025, ftLastAccessTime.dwHighDateTime=0x1d3275c, ftLastWriteTime.dwLowDateTime=0x47384f2, ftLastWriteTime.dwHighDateTime=0x1d4d600, nFileSizeHigh=0x0, nFileSizeLow=0x28000000, dwReserved0=0xa0000003, dwReserved1=0x75e90100, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0054.710] FindNextFileW (in: hFindFile=0x4c2a10, lpFindFileData=0xe1fa90 | out: lpFindFileData=0xe1fa90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa03748ae, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17b3dd09, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x75e90100, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0054.710] GetProcessHeap () returned 0x4b0000 [0054.710] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x54ec40 [0054.711] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\*", lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa03748ae, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17b3dd09, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName=".", cAlternateFileName="")) returned 0x4c06070 [0054.711] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa03748ae, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17b3dd09, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="..", cAlternateFileName="")) returned 1 [0054.711] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa03748ae, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17b3dd09, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="..", cAlternateFileName="")) returned 0 [0054.711] FindClose (in: hFindFile=0x4c06070 | out: hFindFile=0x4c06070) returned 1 [0054.711] GetProcessHeap () returned 0x4b0000 [0054.711] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x54ec40 | out: hHeap=0x4b0000) returned 1 [0054.711] FindNextFileW (in: hFindFile=0x4c2a10, lpFindFileData=0xe1fa90 | out: lpFindFileData=0xe1fa90*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x7563b133, ftLastAccessTime.dwHighDateTime=0x1d591b7, ftLastWriteTime.dwLowDateTime=0x7563b133, ftLastWriteTime.dwHighDateTime=0x1d591b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x75e90100, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0054.711] GetProcessHeap () returned 0x4b0000 [0054.711] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x54ec40 [0054.711] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\*", lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x7563b133, ftLastAccessTime.dwHighDateTime=0x1d591b7, ftLastWriteTime.dwLowDateTime=0x7563b133, ftLastWriteTime.dwHighDateTime=0x1d591b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName=".", cAlternateFileName="")) returned 0x4c05e30 [0054.711] FindNextFileW (in: hFindFile=0x4c05e30, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x7563b133, ftLastAccessTime.dwHighDateTime=0x1d591b7, ftLastWriteTime.dwLowDateTime=0x7563b133, ftLastWriteTime.dwHighDateTime=0x1d591b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="..", cAlternateFileName="")) returned 1 [0054.712] FindNextFileW (in: hFindFile=0x4c05e30, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x7173d5c8, ftLastAccessTime.dwHighDateTime=0x1d591b7, ftLastWriteTime.dwLowDateTime=0x7173d5c8, ftLastWriteTime.dwHighDateTime=0x1d591b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Common Files", cAlternateFileName="COMMON~1")) returned 1 [0054.712] GetProcessHeap () returned 0x4b0000 [0054.712] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0054.712] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x7173d5c8, ftLastAccessTime.dwHighDateTime=0x1d591b7, ftLastWriteTime.dwLowDateTime=0x7173d5c8, ftLastWriteTime.dwHighDateTime=0x1d591b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c059b0 [0054.712] FindNextFileW (in: hFindFile=0x4c059b0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x7173d5c8, ftLastAccessTime.dwHighDateTime=0x1d591b7, ftLastWriteTime.dwLowDateTime=0x7173d5c8, ftLastWriteTime.dwHighDateTime=0x1d591b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.712] FindNextFileW (in: hFindFile=0x4c059b0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0x4aab75fe, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0xa0417b85, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x4aadd873, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DESIGNER", cAlternateFileName="")) returned 1 [0054.712] GetProcessHeap () returned 0x4b0000 [0054.712] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0054.712] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\DESIGNER\\*", lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0x4aab75fe, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0xa0417b85, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x4aadd873, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0054.712] FindNextFileW (in: hFindFile=0x4c05f70, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0x4aab75fe, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0xa0417b85, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x4aadd873, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.712] FindNextFileW (in: hFindFile=0x4c05f70, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c8c3a00, ftCreationTime.dwHighDateTime=0x1d0d7c4, ftLastAccessTime.dwLowDateTime=0x4aadd873, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x5c8c3a00, ftLastWriteTime.dwHighDateTime=0x1d0d7c4, nFileSizeHigh=0x0, nFileSizeLow=0x3e70, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSADDNDR.OLB", cAlternateFileName="")) returned 1 [0054.712] FindNextFileW (in: hFindFile=0x4c05f70, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c8c3a00, ftCreationTime.dwHighDateTime=0x1d0d7c4, ftLastAccessTime.dwLowDateTime=0x4aadd873, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x5c8c3a00, ftLastWriteTime.dwHighDateTime=0x1d0d7c4, nFileSizeHigh=0x0, nFileSizeLow=0x3e70, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSADDNDR.OLB", cAlternateFileName="")) returned 0 [0054.712] FindClose (in: hFindFile=0x4c05f70 | out: hFindFile=0x4c05f70) returned 1 [0054.712] GetProcessHeap () returned 0x4b0000 [0054.712] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0054.713] FindNextFileW (in: hFindFile=0x4c059b0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c5990, ftCreationTime.dwHighDateTime=0x1d5731d, ftLastAccessTime.dwLowDateTime=0xed79e850, ftLastAccessTime.dwHighDateTime=0x1d522a7, ftLastWriteTime.dwLowDateTime=0xed79e850, ftLastWriteTime.dwHighDateTime=0x1d522a7, nFileSizeHigh=0x0, nFileSizeLow=0x13200, dwReserved0=0x0, dwReserved1=0x0, cFileName="eddieeau.exe", cAlternateFileName="")) returned 1 [0054.713] FindNextFileW (in: hFindFile=0x4c059b0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa04663f2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x4accd6e1, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="microsoft shared", cAlternateFileName="MICROS~1")) returned 1 [0054.713] GetProcessHeap () returned 0x4b0000 [0054.713] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0054.713] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\*", lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa04663f2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x4accd6e1, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d70 [0054.713] FindNextFileW (in: hFindFile=0x4c05d70, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa04663f2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x4accd6e1, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.713] FindNextFileW (in: hFindFile=0x4c05d70, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbf6c42af, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x81028f76, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x81028f76, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ClickToRun", cAlternateFileName="CLICKT~1")) returned 1 [0054.713] GetProcessHeap () returned 0x4b0000 [0054.713] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.713] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\*", lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbf6c42af, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x81028f76, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x81028f76, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0054.713] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbf6c42af, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x81028f76, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x81028f76, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.713] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x809e6bf5, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x809e6bf5, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6c5dd00, ftLastWriteTime.dwHighDateTime=0x1d0c58c, nFileSizeHigh=0x0, nFileSizeLow=0x48c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-file-l1-2-0.dll", cAlternateFileName="API-MS~1.DLL")) returned 1 [0054.713] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x809e6bf5, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x809e6bf5, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6c5dd00, ftLastWriteTime.dwHighDateTime=0x1d0c58c, nFileSizeHigh=0x0, nFileSizeLow=0x48c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-file-l2-1-0.dll", cAlternateFileName="API-MS~2.DLL")) returned 1 [0054.714] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80a0ce4e, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x80a0ce4e, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6c5dd00, ftLastWriteTime.dwHighDateTime=0x1d0c58c, nFileSizeHigh=0x0, nFileSizeLow=0x52c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-localization-l1-2-0.dll", cAlternateFileName="API-MS~3.DLL")) returned 1 [0054.714] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80a0ce4e, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x80a0ce4e, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6c5dd00, ftLastWriteTime.dwHighDateTime=0x1d0c58c, nFileSizeHigh=0x0, nFileSizeLow=0x4ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-processthreads-l1-1-1.dll", cAlternateFileName="API-MS~4.DLL")) returned 1 [0054.714] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80a0ce4e, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x80a0ce4e, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6c5dd00, ftLastWriteTime.dwHighDateTime=0x1d0c58c, nFileSizeHigh=0x0, nFileSizeLow=0x4ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-synch-l1-2-0.dll", cAlternateFileName="APF10C~1.DLL")) returned 1 [0054.714] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80a0ce4e, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x80a0ce4e, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6c5dd00, ftLastWriteTime.dwHighDateTime=0x1d0c58c, nFileSizeHigh=0x0, nFileSizeLow=0x48c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-timezone-l1-1-0.dll", cAlternateFileName="AP7902~1.DLL")) returned 1 [0054.714] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80a0ce4e, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x80a0ce4e, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6c5dd00, ftLastWriteTime.dwHighDateTime=0x1d0c58c, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-xstate-l2-1-0.dll", cAlternateFileName="APA632~1.DLL")) returned 1 [0054.714] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80a0ce4e, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x80a0ce4e, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6c5dd00, ftLastWriteTime.dwHighDateTime=0x1d0c58c, nFileSizeHigh=0x0, nFileSizeLow=0x4cc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-conio-l1-1-0.dll", cAlternateFileName="AP5C76~1.DLL")) returned 1 [0054.714] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80a0ce4e, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x80a0ce4e, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6c5dd00, ftLastWriteTime.dwHighDateTime=0x1d0c58c, nFileSizeHigh=0x0, nFileSizeLow=0x58c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-convert-l1-1-0.dll", cAlternateFileName="APFD9C~1.DLL")) returned 1 [0054.714] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80a0ce4e, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x80a0ce4e, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6c5dd00, ftLastWriteTime.dwHighDateTime=0x1d0c58c, nFileSizeHigh=0x0, nFileSizeLow=0x4ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-environment-l1-1-0.dll", cAlternateFileName="APC00F~1.DLL")) returned 1 [0054.714] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80a0ce4e, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x80a0ce4e, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6c5dd00, ftLastWriteTime.dwHighDateTime=0x1d0c58c, nFileSizeHigh=0x0, nFileSizeLow=0x50c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-filesystem-l1-1-0.dll", cAlternateFileName="AP0479~1.DLL")) returned 1 [0054.715] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80a0ce4e, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x80a0ce4e, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6c5dd00, ftLastWriteTime.dwHighDateTime=0x1d0c58c, nFileSizeHigh=0x0, nFileSizeLow=0x4cc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-heap-l1-1-0.dll", cAlternateFileName="AP23C9~1.DLL")) returned 1 [0054.715] GetProcessHeap () returned 0x4b0000 [0054.715] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.715] GetProcessHeap () returned 0x4b0000 [0054.715] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.715] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\*", lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xb3e1c92c, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xb3e1c92c, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0054.715] GetProcessHeap () returned 0x4b0000 [0054.715] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.715] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\ar-SA\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa05532b6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05e70 [0054.716] GetProcessHeap () returned 0x4b0000 [0054.716] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.716] GetProcessHeap () returned 0x4b0000 [0054.716] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.716] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\bg-BG\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0553f37, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0054.716] GetProcessHeap () returned 0x4b0000 [0054.716] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.716] GetProcessHeap () returned 0x4b0000 [0054.716] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.716] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\cs-CZ\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0554b83, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05e70 [0054.716] GetProcessHeap () returned 0x4b0000 [0054.716] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.716] GetProcessHeap () returned 0x4b0000 [0054.716] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.716] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\da-DK\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa05550d5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c70 [0054.716] GetProcessHeap () returned 0x4b0000 [0054.716] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.716] GetProcessHeap () returned 0x4b0000 [0054.716] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.716] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\de-DE\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0555b2c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0054.717] GetProcessHeap () returned 0x4b0000 [0054.717] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.717] GetProcessHeap () returned 0x4b0000 [0054.717] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.717] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\el-GR\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa055662c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0054.717] GetProcessHeap () returned 0x4b0000 [0054.717] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.717] GetProcessHeap () returned 0x4b0000 [0054.717] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.717] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-GB\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0557085, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0054.717] GetProcessHeap () returned 0x4b0000 [0054.717] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.717] GetProcessHeap () returned 0x4b0000 [0054.717] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.717] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa05dd09d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe8231541, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0054.719] GetProcessHeap () returned 0x4b0000 [0054.719] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.719] GetProcessHeap () returned 0x4b0000 [0054.719] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.719] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\es-ES\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa05ddf5c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0054.719] GetProcessHeap () returned 0x4b0000 [0054.719] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.719] GetProcessHeap () returned 0x4b0000 [0054.719] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.719] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\es-MX\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa05dea14, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05e70 [0054.719] GetProcessHeap () returned 0x4b0000 [0054.719] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.719] GetProcessHeap () returned 0x4b0000 [0054.719] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.719] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\et-EE\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa05df011, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0054.719] GetProcessHeap () returned 0x4b0000 [0054.719] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.719] GetProcessHeap () returned 0x4b0000 [0054.719] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.720] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fi-FI\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa05df7b6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05e70 [0054.720] GetProcessHeap () returned 0x4b0000 [0054.720] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.720] GetProcessHeap () returned 0x4b0000 [0054.720] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.720] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fr-CA\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0635c03, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c059f0 [0054.720] GetProcessHeap () returned 0x4b0000 [0054.720] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.720] GetProcessHeap () returned 0x4b0000 [0054.720] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.720] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fr-FR\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06369df, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c059f0 [0054.720] GetProcessHeap () returned 0x4b0000 [0054.720] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.720] GetProcessHeap () returned 0x4b0000 [0054.720] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.720] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0637839, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a354279, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0054.720] GetProcessHeap () returned 0x4b0000 [0054.720] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c098e8 [0054.721] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\*", lpFindFileData=0xe1eb30 | out: lpFindFileData=0xe1eb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0638633, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a354279, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0054.721] GetProcessHeap () returned 0x4b0000 [0054.722] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c098e8 | out: hHeap=0x4b0000) returned 1 [0054.722] GetProcessHeap () returned 0x4b0000 [0054.722] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c098e8 [0054.722] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\insert\\*", lpFindFileData=0xe1eb30 | out: lpFindFileData=0xe1eb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0638c00, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a354279, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c059f0 [0054.722] GetProcessHeap () returned 0x4b0000 [0054.722] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c098e8 | out: hHeap=0x4b0000) returned 1 [0054.722] GetProcessHeap () returned 0x4b0000 [0054.722] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c098e8 [0054.722] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\*", lpFindFileData=0xe1eb30 | out: lpFindFileData=0xe1eb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa063932e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a354279, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0054.722] GetProcessHeap () returned 0x4b0000 [0054.722] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c098e8 | out: hHeap=0x4b0000) returned 1 [0054.722] GetProcessHeap () returned 0x4b0000 [0054.722] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c098e8 [0054.722] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\*", lpFindFileData=0xe1eb30 | out: lpFindFileData=0xe1eb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06cd023, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a37a4cb, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c70 [0054.724] GetProcessHeap () returned 0x4b0000 [0054.724] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c098e8 | out: hHeap=0x4b0000) returned 1 [0054.724] GetProcessHeap () returned 0x4b0000 [0054.724] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c098e8 [0054.724] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\oskclearui\\*", lpFindFileData=0xe1eb30 | out: lpFindFileData=0xe1eb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06cdb88, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a37a4cb, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0054.724] GetProcessHeap () returned 0x4b0000 [0054.724] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c098e8 | out: hHeap=0x4b0000) returned 1 [0054.724] GetProcessHeap () returned 0x4b0000 [0054.724] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c098e8 [0054.724] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\oskmenu\\*", lpFindFileData=0xe1eb30 | out: lpFindFileData=0xe1eb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06ce328, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a37a4cb, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0054.724] GetProcessHeap () returned 0x4b0000 [0054.724] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c098e8 | out: hHeap=0x4b0000) returned 1 [0054.724] GetProcessHeap () returned 0x4b0000 [0054.724] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c098e8 [0054.724] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\osknav\\*", lpFindFileData=0xe1eb30 | out: lpFindFileData=0xe1eb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06ce7a1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a37a4cb, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0054.724] GetProcessHeap () returned 0x4b0000 [0054.724] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c098e8 | out: hHeap=0x4b0000) returned 1 [0054.724] GetProcessHeap () returned 0x4b0000 [0054.724] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c098e8 [0054.724] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\osknumpad\\*", lpFindFileData=0xe1eb30 | out: lpFindFileData=0xe1eb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06ceb7f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a37a4cb, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c059f0 [0054.725] GetProcessHeap () returned 0x4b0000 [0054.725] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c098e8 | out: hHeap=0x4b0000) returned 1 [0054.725] GetProcessHeap () returned 0x4b0000 [0054.725] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c098e8 [0054.725] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\oskpred\\*", lpFindFileData=0xe1eb30 | out: lpFindFileData=0xe1eb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06cef41, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a37a4cb, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0054.725] GetProcessHeap () returned 0x4b0000 [0054.725] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c098e8 | out: hHeap=0x4b0000) returned 1 [0054.725] GetProcessHeap () returned 0x4b0000 [0054.725] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c098e8 [0054.725] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\symbols\\*", lpFindFileData=0xe1eb30 | out: lpFindFileData=0xe1eb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06cf371, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0054.725] GetProcessHeap () returned 0x4b0000 [0054.725] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c098e8 | out: hHeap=0x4b0000) returned 1 [0054.725] GetProcessHeap () returned 0x4b0000 [0054.725] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.726] GetProcessHeap () returned 0x4b0000 [0054.726] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.726] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\he-IL\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06cf9a3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0054.727] GetProcessHeap () returned 0x4b0000 [0054.727] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.727] GetProcessHeap () returned 0x4b0000 [0054.727] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.727] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\hr-HR\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06cfce2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0054.727] GetProcessHeap () returned 0x4b0000 [0054.727] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.727] GetProcessHeap () returned 0x4b0000 [0054.727] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.727] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\hu-HU\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06d0656, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06070 [0054.727] GetProcessHeap () returned 0x4b0000 [0054.727] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.727] GetProcessHeap () returned 0x4b0000 [0054.727] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.727] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\HWRCustomization\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6eba2ec1, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0xa07693a9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x6eba2ec1, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0054.728] GetProcessHeap () returned 0x4b0000 [0054.728] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.728] GetProcessHeap () returned 0x4b0000 [0054.728] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.728] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\it-IT\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0769b1e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c70 [0054.730] GetProcessHeap () returned 0x4b0000 [0054.730] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.730] GetProcessHeap () returned 0x4b0000 [0054.730] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.730] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\ja-JP\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa076a026, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0054.730] GetProcessHeap () returned 0x4b0000 [0054.730] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.730] GetProcessHeap () returned 0x4b0000 [0054.730] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.730] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\ko-KR\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa076a7a6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0054.730] GetProcessHeap () returned 0x4b0000 [0054.730] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.730] GetProcessHeap () returned 0x4b0000 [0054.730] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.730] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\LanguageModel\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa076afd8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0054.731] GetProcessHeap () returned 0x4b0000 [0054.731] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.731] GetProcessHeap () returned 0x4b0000 [0054.731] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.731] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\lt-LT\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa076b52b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0054.732] GetProcessHeap () returned 0x4b0000 [0054.732] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.732] GetProcessHeap () returned 0x4b0000 [0054.732] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.732] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\lv-LV\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa076ba6e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c059f0 [0054.732] GetProcessHeap () returned 0x4b0000 [0054.732] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.732] GetProcessHeap () returned 0x4b0000 [0054.732] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.732] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\nb-NO\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa076bff5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0054.732] GetProcessHeap () returned 0x4b0000 [0054.732] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.732] GetProcessHeap () returned 0x4b0000 [0054.732] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.732] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\nl-NL\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa076c75d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c059f0 [0054.733] GetProcessHeap () returned 0x4b0000 [0054.733] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.733] GetProcessHeap () returned 0x4b0000 [0054.733] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.733] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\pl-PL\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa080d57c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06070 [0054.733] GetProcessHeap () returned 0x4b0000 [0054.733] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.733] GetProcessHeap () returned 0x4b0000 [0054.733] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.733] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\pt-BR\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa080d988, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06070 [0054.734] GetProcessHeap () returned 0x4b0000 [0054.734] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.734] GetProcessHeap () returned 0x4b0000 [0054.734] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.734] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\pt-PT\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa080ddb8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06030 [0054.734] GetProcessHeap () returned 0x4b0000 [0054.734] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.734] GetProcessHeap () returned 0x4b0000 [0054.734] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.734] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\ro-RO\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa080e0f5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cb0 [0054.737] GetProcessHeap () returned 0x4b0000 [0054.737] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.737] GetProcessHeap () returned 0x4b0000 [0054.737] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.737] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\ru-RU\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa080e4d1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0054.737] GetProcessHeap () returned 0x4b0000 [0054.737] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.737] GetProcessHeap () returned 0x4b0000 [0054.737] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.737] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\sk-SK\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa080e8a3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05e70 [0054.738] GetProcessHeap () returned 0x4b0000 [0054.738] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.738] GetProcessHeap () returned 0x4b0000 [0054.738] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.738] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\sl-SI\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa080ec25, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0054.738] GetProcessHeap () returned 0x4b0000 [0054.738] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.738] GetProcessHeap () returned 0x4b0000 [0054.738] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.738] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\sr-Latn-RS\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa08c7ae2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0054.747] GetProcessHeap () returned 0x4b0000 [0054.747] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.748] GetProcessHeap () returned 0x4b0000 [0054.748] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.748] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\sv-SE\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa08c820e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0054.748] GetProcessHeap () returned 0x4b0000 [0054.748] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.748] GetProcessHeap () returned 0x4b0000 [0054.748] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.748] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\th-TH\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa08c8602, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0054.748] GetProcessHeap () returned 0x4b0000 [0054.748] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.748] GetProcessHeap () returned 0x4b0000 [0054.748] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.748] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\tr-TR\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa08c896f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b30 [0054.749] GetProcessHeap () returned 0x4b0000 [0054.749] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.749] GetProcessHeap () returned 0x4b0000 [0054.749] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.749] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\uk-UA\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa08c8ed8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0054.750] GetProcessHeap () returned 0x4b0000 [0054.750] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.750] GetProcessHeap () returned 0x4b0000 [0054.750] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.750] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\zh-CN\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa08c93df, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3ecc0a, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0054.754] GetProcessHeap () returned 0x4b0000 [0054.754] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.754] GetProcessHeap () returned 0x4b0000 [0054.754] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.754] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\zh-TW\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa08c97fd, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3ecc0a, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05e70 [0054.754] GetProcessHeap () returned 0x4b0000 [0054.754] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.754] GetProcessHeap () returned 0x4b0000 [0054.754] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.755] GetProcessHeap () returned 0x4b0000 [0054.755] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c088e0 [0054.756] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\MSInfo\\*", lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa098a4c6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x71143a45, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0054.756] GetProcessHeap () returned 0x4b0000 [0054.756] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.756] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\MSInfo\\en-US\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa098aa4a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0054.758] GetProcessHeap () returned 0x4b0000 [0054.758] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.762] GetProcessHeap () returned 0x4b0000 [0054.762] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c088e0 | out: hHeap=0x4b0000) returned 1 [0054.763] GetProcessHeap () returned 0x4b0000 [0054.763] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c088e0 [0054.763] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\*", lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd99442a7, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xd9f60362, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd9f60362, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05e70 [0054.933] GetProcessHeap () returned 0x4b0000 [0054.933] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bb2080 [0054.934] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Office Setup Controller\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0xd9f60362, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xa0a26299, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xda982389, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06030 [0068.226] ResetEvent (hEvent=0x28c) returned 1 [0068.226] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0068.530] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96da6a05, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x96da6a05, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x96da6a05, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x13fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="Peacock.jpg", cAlternateFileName="")) returned 1 [0068.530] ResetEvent (hEvent=0x28c) returned 1 [0068.530] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0068.653] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96da6a05, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x96da6a05, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x96dccc65, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roses.htm", cAlternateFileName="")) returned 1 [0068.653] ResetEvent (hEvent=0x28c) returned 1 [0068.653] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0068.667] ResetEvent (hEvent=0x28c) returned 1 [0068.667] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0069.055] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96dccc65, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x96dccc65, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x96dccc65, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x780, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roses.jpg", cAlternateFileName="")) returned 1 [0069.055] ResetEvent (hEvent=0x28c) returned 1 [0069.055] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0069.204] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96da6a05, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x96da6a05, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x96da6a05, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shades of Blue.htm", cAlternateFileName="")) returned 1 [0069.204] ResetEvent (hEvent=0x28c) returned 1 [0069.204] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0069.280] ResetEvent (hEvent=0x28c) returned 1 [0069.280] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0069.292] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96d8079e, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x96d8079e, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x96d8079e, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x127e, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShadesOfBlue.jpg", cAlternateFileName="")) returned 1 [0069.292] ResetEvent (hEvent=0x28c) returned 1 [0069.292] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0069.303] ResetEvent (hEvent=0x28c) returned 1 [0069.303] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0069.315] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96d5a533, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x96d5a533, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x96d5a533, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Soft Blue.htm", cAlternateFileName="")) returned 1 [0069.315] ResetEvent (hEvent=0x28c) returned 1 [0069.315] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0069.445] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96d8079e, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x96d8079e, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x96d8079e, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x2949, dwReserved0=0x0, dwReserved1=0x0, cFileName="SoftBlue.jpg", cAlternateFileName="")) returned 1 [0069.445] ResetEvent (hEvent=0x28c) returned 1 [0069.445] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0069.454] ResetEvent (hEvent=0x28c) returned 1 [0069.454] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0069.466] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96d8079e, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x96d8079e, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x96d8079e, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Stars.htm", cAlternateFileName="")) returned 1 [0069.466] ResetEvent (hEvent=0x28c) returned 1 [0069.466] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0069.514] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96d8079e, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x96d8079e, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x96d8079e, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1d51, dwReserved0=0x0, dwReserved1=0x0, cFileName="Stars.jpg", cAlternateFileName="")) returned 1 [0069.514] ResetEvent (hEvent=0x28c) returned 1 [0069.514] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0069.530] ResetEvent (hEvent=0x28c) returned 1 [0069.530] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0069.543] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96d8079e, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x96d8079e, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x96d8079e, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1d51, dwReserved0=0x0, dwReserved1=0x0, cFileName="Stars.jpg", cAlternateFileName="")) returned 0 [0069.544] FindClose (in: hFindFile=0x4c06070 | out: hFindFile=0x4c06070) returned 1 [0069.544] GetProcessHeap () returned 0x4b0000 [0069.544] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bb2080 | out: hHeap=0x4b0000) returned 1 [0069.545] FindNextFileW (in: hFindFile=0x4c05d70, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0b56882, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TextConv", cAlternateFileName="")) returned 1 [0069.545] GetProcessHeap () returned 0x4b0000 [0069.545] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4f610a8 [0069.545] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\TextConv\\*", lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0b56882, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0069.545] FindNextFileW (in: hFindFile=0x4c05f30, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0b56882, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0069.546] FindNextFileW (in: hFindFile=0x4c05f30, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0b5787e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0069.546] GetProcessHeap () returned 0x4b0000 [0069.546] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bb2080 [0069.546] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\TextConv\\en-US\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0b5787e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0069.546] FindNextFileW (in: hFindFile=0x4c05ef0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0b5787e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0069.546] FindNextFileW (in: hFindFile=0x4c05ef0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0b5787e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0069.546] FindClose (in: hFindFile=0x4c05ef0 | out: hFindFile=0x4c05ef0) returned 1 [0069.546] GetProcessHeap () returned 0x4b0000 [0069.546] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bb2080 | out: hHeap=0x4b0000) returned 1 [0069.546] FindNextFileW (in: hFindFile=0x4c05f30, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0b5787e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0069.546] FindClose (in: hFindFile=0x4c05f30 | out: hFindFile=0x4c05f30) returned 1 [0069.546] GetProcessHeap () returned 0x4b0000 [0069.546] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4f610a8 | out: hHeap=0x4b0000) returned 1 [0069.546] FindNextFileW (in: hFindFile=0x4c05d70, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0b57d42, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Triedit", cAlternateFileName="")) returned 1 [0069.546] GetProcessHeap () returned 0x4b0000 [0069.546] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4f610a8 [0069.546] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\Triedit\\*", lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0b57d42, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0069.546] FindNextFileW (in: hFindFile=0x4c05b70, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0b57d42, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0069.547] FindNextFileW (in: hFindFile=0x4c05b70, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0b58502, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0069.547] GetProcessHeap () returned 0x4b0000 [0069.547] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bb2080 [0069.547] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\Triedit\\en-US\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0b58502, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0069.547] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0b58502, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0069.547] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0b58502, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0069.547] FindClose (in: hFindFile=0x4c05ab0 | out: hFindFile=0x4c05ab0) returned 1 [0069.547] GetProcessHeap () returned 0x4b0000 [0069.547] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bb2080 | out: hHeap=0x4b0000) returned 1 [0069.547] FindNextFileW (in: hFindFile=0x4c05b70, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0b58502, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0069.547] FindClose (in: hFindFile=0x4c05b70 | out: hFindFile=0x4c05b70) returned 1 [0069.547] GetProcessHeap () returned 0x4b0000 [0069.547] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4f610a8 | out: hHeap=0x4b0000) returned 1 [0069.547] FindNextFileW (in: hFindFile=0x4c05d70, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0xbcd0fab8, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xa0b594b8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2ce22546, ftLastWriteTime.dwHighDateTime=0x1d327be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC", cAlternateFileName="")) returned 1 [0069.547] GetProcessHeap () returned 0x4b0000 [0069.547] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4f610a8 [0069.547] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\VC\\*", lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0xbcd0fab8, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xa0b594b8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2ce22546, ftLastWriteTime.dwHighDateTime=0x1d327be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0069.547] FindNextFileW (in: hFindFile=0x4c05f30, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0xbcd0fab8, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xa0b594b8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2ce22546, ftLastWriteTime.dwHighDateTime=0x1d327be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0069.547] FindNextFileW (in: hFindFile=0x4c05f30, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8127e00, ftCreationTime.dwHighDateTime=0x1cbd076, ftLastAccessTime.dwLowDateTime=0xcd0a4098, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xd8127e00, ftLastWriteTime.dwHighDateTime=0x1cbd076, nFileSizeHigh=0x0, nFileSizeLow=0xf1b50, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdia100.dll", cAlternateFileName="")) returned 1 [0069.548] ResetEvent (hEvent=0x28c) returned 1 [0069.548] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0069.683] FindNextFileW (in: hFindFile=0x4c05f30, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfe87c00, ftCreationTime.dwHighDateTime=0x1cbfe36, ftLastAccessTime.dwLowDateTime=0x2ce22546, ftLastAccessTime.dwHighDateTime=0x1d327be, ftLastWriteTime.dwLowDateTime=0xcfe87c00, ftLastWriteTime.dwHighDateTime=0x1cbfe36, nFileSizeHigh=0x0, nFileSizeLow=0xd0d50, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdia90.dll", cAlternateFileName="")) returned 1 [0069.683] ResetEvent (hEvent=0x28c) returned 1 [0069.683] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0069.862] ResetEvent (hEvent=0x28c) returned 1 [0069.862] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0069.874] FindNextFileW (in: hFindFile=0x4c05f30, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfe87c00, ftCreationTime.dwHighDateTime=0x1cbfe36, ftLastAccessTime.dwLowDateTime=0x2ce22546, ftLastAccessTime.dwHighDateTime=0x1d327be, ftLastWriteTime.dwLowDateTime=0xcfe87c00, ftLastWriteTime.dwHighDateTime=0x1cbfe36, nFileSizeHigh=0x0, nFileSizeLow=0xd0d50, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdia90.dll", cAlternateFileName="")) returned 0 [0069.874] FindClose (in: hFindFile=0x4c05f30 | out: hFindFile=0x4c05f30) returned 1 [0069.874] GetProcessHeap () returned 0x4b0000 [0069.874] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4f610a8 | out: hHeap=0x4b0000) returned 1 [0069.876] FindNextFileW (in: hFindFile=0x4c05d70, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0b59a78, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x71169cb5, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VGX", cAlternateFileName="")) returned 1 [0069.876] GetProcessHeap () returned 0x4b0000 [0069.876] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0069.876] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\VGX\\*", lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0b59a78, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x71169cb5, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c059f0 [0069.876] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0b59a78, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x71169cb5, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0069.876] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a69a2a7, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0xb3fd6e56, ftLastAccessTime.dwHighDateTime=0x1d2fa09, ftLastWriteTime.dwLowDateTime=0x4a69a2a7, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0xf1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="VGX.dll", cAlternateFileName="")) returned 1 [0069.876] ResetEvent (hEvent=0x28c) returned 1 [0069.876] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0069.902] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a69a2a7, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0xb3fd6e56, ftLastAccessTime.dwHighDateTime=0x1d2fa09, ftLastWriteTime.dwLowDateTime=0x4a69a2a7, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0xf1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="VGX.dll", cAlternateFileName="")) returned 0 [0069.902] FindClose (in: hFindFile=0x4c059f0 | out: hFindFile=0x4c059f0) returned 1 [0069.902] GetProcessHeap () returned 0x4b0000 [0069.902] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0069.902] FindNextFileW (in: hFindFile=0x4c05d70, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ecb94e, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x4ae972f5, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x4ae972f5, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VSTO", cAlternateFileName="")) returned 1 [0069.902] GetProcessHeap () returned 0x4b0000 [0069.902] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0069.902] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\VSTO\\*", lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ecb94e, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x4ae972f5, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x4ae972f5, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06070 [0069.902] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ecb94e, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x4ae972f5, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x4ae972f5, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0069.902] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a6d7a0a, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x4aebd53e, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x4aebd53e, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0069.902] GetProcessHeap () returned 0x4b0000 [0069.902] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0069.903] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\VSTO\\10.0\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a6d7a0a, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x4aebd53e, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x4aebd53e, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c059f0 [0069.903] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a6d7a0a, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x4aebd53e, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x4aebd53e, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0069.904] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a6d7a0a, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x4a6fdac8, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x4a6fdac8, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0069.904] GetProcessHeap () returned 0x4b0000 [0069.904] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4f610a8 [0069.904] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\VSTO\\10.0\\1033\\*", lpFindFileData=0xe1eb30 | out: lpFindFileData=0xe1eb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a6d7a0a, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x4a6fdac8, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x4a6fdac8, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06030 [0069.904] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1eb30 | out: lpFindFileData=0xe1eb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a6d7a0a, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x4a6fdac8, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x4a6fdac8, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0069.904] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1eb30 | out: lpFindFileData=0xe1eb30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5dbd6700, ftCreationTime.dwHighDateTime=0x1d0d7c4, ftLastAccessTime.dwLowDateTime=0x4a6d7a0a, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x5dbd6700, ftLastWriteTime.dwHighDateTime=0x1d0d7c4, nFileSizeHigh=0x0, nFileSizeLow=0x30a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VSTOInstallerUI.dll", cAlternateFileName="VSTOIN~1.DLL")) returned 1 [0069.905] ResetEvent (hEvent=0x28c) returned 1 [0069.905] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0070.089] ResetEvent (hEvent=0x28c) returned 1 [0070.089] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0070.102] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1eb30 | out: lpFindFileData=0xe1eb30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5dbd6700, ftCreationTime.dwHighDateTime=0x1d0d7c4, ftLastAccessTime.dwLowDateTime=0x4a6fdac8, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x5dbd6700, ftLastWriteTime.dwHighDateTime=0x1d0d7c4, nFileSizeHigh=0x0, nFileSizeLow=0x5080, dwReserved0=0x0, dwReserved1=0x0, cFileName="VSTOLoaderUI.dll", cAlternateFileName="VSTOLO~1.DLL")) returned 1 [0070.103] ResetEvent (hEvent=0x28c) returned 1 [0070.103] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0070.194] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1eb30 | out: lpFindFileData=0xe1eb30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5dbd6700, ftCreationTime.dwHighDateTime=0x1d0d7c4, ftLastAccessTime.dwLowDateTime=0x4a6fdac8, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x5dbd6700, ftLastWriteTime.dwHighDateTime=0x1d0d7c4, nFileSizeHigh=0x0, nFileSizeLow=0x5080, dwReserved0=0x0, dwReserved1=0x0, cFileName="VSTOLoaderUI.dll", cAlternateFileName="VSTOLO~1.DLL")) returned 0 [0070.195] FindClose (in: hFindFile=0x4c06030 | out: hFindFile=0x4c06030) returned 1 [0070.195] GetProcessHeap () returned 0x4b0000 [0070.195] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4f610a8 | out: hHeap=0x4b0000) returned 1 [0070.195] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5dbd6700, ftCreationTime.dwHighDateTime=0x1d0d7c4, ftLastAccessTime.dwLowDateTime=0x4ae972f5, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x5dbd6700, ftLastWriteTime.dwHighDateTime=0x1d0d7c4, nFileSizeHigh=0x0, nFileSizeLow=0x18888, dwReserved0=0x0, dwReserved1=0x0, cFileName="VSTOInstaller.exe", cAlternateFileName="VSTOIN~1.EXE")) returned 1 [0070.195] ResetEvent (hEvent=0x28c) returned 1 [0070.195] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0070.290] ResetEvent (hEvent=0x28c) returned 1 [0070.290] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0070.307] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5dbd6700, ftCreationTime.dwHighDateTime=0x1d0d7c4, ftLastAccessTime.dwLowDateTime=0x4aebd53e, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x5dbd6700, ftLastWriteTime.dwHighDateTime=0x1d0d7c4, nFileSizeHigh=0x0, nFileSizeLow=0x59a70, dwReserved0=0x0, dwReserved1=0x0, cFileName="VSTOLoader.dll", cAlternateFileName="VSTOLO~1.DLL")) returned 1 [0070.308] ResetEvent (hEvent=0x28c) returned 1 [0070.308] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0070.413] ResetEvent (hEvent=0x28c) returned 1 [0070.413] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0070.626] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5dbd6700, ftCreationTime.dwHighDateTime=0x1d0d7c4, ftLastAccessTime.dwLowDateTime=0x4a6fdac8, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x5dbd6700, ftLastWriteTime.dwHighDateTime=0x1d0d7c4, nFileSizeHigh=0x0, nFileSizeLow=0xbee8, dwReserved0=0x0, dwReserved1=0x0, cFileName="VSTOMessageProvider.dll", cAlternateFileName="VSTOME~1.DLL")) returned 1 [0070.626] ResetEvent (hEvent=0x28c) returned 1 [0070.626] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0070.637] ResetEvent (hEvent=0x28c) returned 1 [0070.637] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0070.969] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5dbd6700, ftCreationTime.dwHighDateTime=0x1d0d7c4, ftLastAccessTime.dwLowDateTime=0x4a6fdac8, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x5dbd6700, ftLastWriteTime.dwHighDateTime=0x1d0d7c4, nFileSizeHigh=0x0, nFileSizeLow=0xbee8, dwReserved0=0x0, dwReserved1=0x0, cFileName="VSTOMessageProvider.dll", cAlternateFileName="VSTOME~1.DLL")) returned 0 [0070.969] FindClose (in: hFindFile=0x4c059f0 | out: hFindFile=0x4c059f0) returned 1 [0070.969] GetProcessHeap () returned 0x4b0000 [0070.969] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0070.970] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5dbd6700, ftCreationTime.dwHighDateTime=0x1d0d7c4, ftLastAccessTime.dwLowDateTime=0x4ae972f5, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x5dbd6700, ftLastWriteTime.dwHighDateTime=0x1d0d7c4, nFileSizeHigh=0x0, nFileSizeLow=0x29080, dwReserved0=0x0, dwReserved1=0x0, cFileName="vstoee.dll", cAlternateFileName="")) returned 1 [0070.970] ResetEvent (hEvent=0x28c) returned 1 [0070.970] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0071.086] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6340300, ftCreationTime.dwHighDateTime=0x1d0d6b2, ftLastAccessTime.dwLowDateTime=0x4ae972f5, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0xd6340300, ftLastWriteTime.dwHighDateTime=0x1d0d6b2, nFileSizeHigh=0x0, nFileSizeLow=0x4298, dwReserved0=0x0, dwReserved1=0x0, cFileName="vstoee100.tlb", cAlternateFileName="VSTOEE~1.TLB")) returned 1 [0071.086] ResetEvent (hEvent=0x28c) returned 1 [0071.087] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0071.099] ResetEvent (hEvent=0x28c) returned 1 [0071.099] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0071.443] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6340300, ftCreationTime.dwHighDateTime=0x1d0d6b2, ftLastAccessTime.dwLowDateTime=0x4ae972f5, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0xd6340300, ftLastWriteTime.dwHighDateTime=0x1d0d6b2, nFileSizeHigh=0x0, nFileSizeLow=0x5898, dwReserved0=0x0, dwReserved1=0x0, cFileName="vstoee90.tlb", cAlternateFileName="")) returned 1 [0071.443] ResetEvent (hEvent=0x28c) returned 1 [0071.443] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0071.712] FindNextFileW (in: hFindFile=0x4c06070, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6340300, ftCreationTime.dwHighDateTime=0x1d0d6b2, ftLastAccessTime.dwLowDateTime=0x4ae972f5, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0xd6340300, ftLastWriteTime.dwHighDateTime=0x1d0d6b2, nFileSizeHigh=0x0, nFileSizeLow=0x5898, dwReserved0=0x0, dwReserved1=0x0, cFileName="vstoee90.tlb", cAlternateFileName="")) returned 0 [0071.712] FindClose (in: hFindFile=0x4c06070 | out: hFindFile=0x4c06070) returned 1 [0071.713] GetProcessHeap () returned 0x4b0000 [0071.713] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0071.713] FindNextFileW (in: hFindFile=0x4c05d70, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ecb94e, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x4ae972f5, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x4ae972f5, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VSTO", cAlternateFileName="")) returned 0 [0071.713] FindClose (in: hFindFile=0x4c05d70 | out: hFindFile=0x4c05d70) returned 1 [0071.714] GetProcessHeap () returned 0x4b0000 [0071.714] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0071.715] FindNextFileW (in: hFindFile=0x4c059b0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0c11068, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a412e70, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0071.715] GetProcessHeap () returned 0x4b0000 [0071.715] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0071.715] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\Services\\*", lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0c11068, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a412e70, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bf0 [0071.715] FindNextFileW (in: hFindFile=0x4c05bf0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0c11068, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a412e70, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.715] FindNextFileW (in: hFindFile=0x4c05bf0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x440ad34a, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x440ad34a, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x440ad34a, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="verisign.bmp", cAlternateFileName="")) returned 1 [0071.716] ResetEvent (hEvent=0x28c) returned 1 [0071.716] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0072.090] FindNextFileW (in: hFindFile=0x4c05bf0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x440ad34a, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x440ad34a, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x440ad34a, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="verisign.bmp", cAlternateFileName="")) returned 0 [0072.090] FindClose (in: hFindFile=0x4c05bf0 | out: hFindFile=0x4c05bf0) returned 1 [0072.090] GetProcessHeap () returned 0x4b0000 [0072.090] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0072.090] FindNextFileW (in: hFindFile=0x4c059b0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0c5f95f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System", cAlternateFileName="")) returned 1 [0072.091] GetProcessHeap () returned 0x4b0000 [0072.091] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0072.091] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\System\\*", lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0c5f95f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c059f0 [0072.091] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0c5f95f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0072.091] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0cb0a3f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x71169cb5, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ado", cAlternateFileName="")) returned 1 [0072.091] GetProcessHeap () returned 0x4b0000 [0072.091] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4f610a8 [0072.091] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\System\\ado\\*", lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0cb0a3f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x71169cb5, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06030 [0072.092] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0cb0a3f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x71169cb5, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0072.092] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52a0c6a1, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x52a0c6a1, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x52a0c6a1, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x3a08, dwReserved0=0x0, dwReserved1=0x0, cFileName="adojavas.inc", cAlternateFileName="")) returned 1 [0072.092] ResetEvent (hEvent=0x28c) returned 1 [0072.092] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0072.260] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x529e643a, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x529e643a, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x529e643a, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x3b5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="adovbs.inc", cAlternateFileName="")) returned 1 [0072.260] ResetEvent (hEvent=0x28c) returned 1 [0072.260] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0072.494] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0cb2730, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0072.494] GetProcessHeap () returned 0x4b0000 [0072.494] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4fe548 [0072.500] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\System\\ado\\en-US\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0cb2730, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0072.500] FindNextFileW (in: hFindFile=0x4c05cf0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0cb2730, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0072.500] FindNextFileW (in: hFindFile=0x4c05cf0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b9483e2, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7449544e, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xb3fb1900, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x4600, dwReserved0=0x0, dwReserved1=0x0, cFileName="msader15.dll.mui", cAlternateFileName="")) returned 1 [0072.500] ResetEvent (hEvent=0x28c) returned 1 [0072.500] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0072.524] FindNextFileW (in: hFindFile=0x4c05cf0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b9483e2, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7449544e, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xb3fb1900, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x4600, dwReserved0=0x0, dwReserved1=0x0, cFileName="msader15.dll.mui", cAlternateFileName="")) returned 0 [0072.524] FindClose (in: hFindFile=0x4c05cf0 | out: hFindFile=0x4c05cf0) returned 1 [0072.524] GetProcessHeap () returned 0x4b0000 [0072.524] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4fe548 | out: hHeap=0x4b0000) returned 1 [0072.524] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43854cb5, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x43854cb5, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x43854cb5, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msader15.dll", cAlternateFileName="")) returned 1 [0072.524] ResetEvent (hEvent=0x28c) returned 1 [0072.524] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0072.602] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x463fb128, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0xced4b5c5, ftLastAccessTime.dwHighDateTime=0x1d2fa09, ftLastWriteTime.dwLowDateTime=0x463fb128, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x12d400, dwReserved0=0x0, dwReserved1=0x0, cFileName="msado15.dll", cAlternateFileName="")) returned 1 [0072.602] ResetEvent (hEvent=0x28c) returned 1 [0072.602] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0072.805] ResetEvent (hEvent=0x28c) returned 1 [0072.805] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0073.096] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41cc3017, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41cc3017, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41cc3017, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xc600, dwReserved0=0x0, dwReserved1=0x0, cFileName="msado20.tlb", cAlternateFileName="")) returned 1 [0073.096] ResetEvent (hEvent=0x28c) returned 1 [0073.096] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0073.317] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41cc3017, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41cc3017, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41cc3017, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xd200, dwReserved0=0x0, dwReserved1=0x0, cFileName="msado21.tlb", cAlternateFileName="")) returned 1 [0073.317] ResetEvent (hEvent=0x28c) returned 1 [0073.317] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0073.329] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41cc3017, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41cc3017, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41cc3017, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="msado25.tlb", cAlternateFileName="")) returned 1 [0073.329] ResetEvent (hEvent=0x28c) returned 1 [0073.329] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0074.239] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41cc3017, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41cc3017, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41cc3017, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x11400, dwReserved0=0x0, dwReserved1=0x0, cFileName="msado26.tlb", cAlternateFileName="")) returned 1 [0074.239] ResetEvent (hEvent=0x28c) returned 1 [0074.239] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0074.341] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41cc3017, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41cc3017, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41cc3017, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x11600, dwReserved0=0x0, dwReserved1=0x0, cFileName="msado27.tlb", cAlternateFileName="")) returned 1 [0074.341] ResetEvent (hEvent=0x28c) returned 1 [0074.341] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0074.368] ResetEvent (hEvent=0x28c) returned 1 [0074.368] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0074.398] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c6f28a5, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x4c6f28a5, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4c6f28a5, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x11400, dwReserved0=0x0, dwReserved1=0x0, cFileName="msado28.tlb", cAlternateFileName="")) returned 1 [0074.398] ResetEvent (hEvent=0x28c) returned 1 [0074.398] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0074.409] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c6f28a5, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x4c6f28a5, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4c6f28a5, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x11400, dwReserved0=0x0, dwReserved1=0x0, cFileName="msado60.tlb", cAlternateFileName="")) returned 1 [0074.409] ResetEvent (hEvent=0x28c) returned 1 [0074.409] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0075.057] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x463fb128, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0xd005e363, ftLastAccessTime.dwHighDateTime=0x1d2fa09, ftLastWriteTime.dwLowDateTime=0x463fb128, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x58e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msadomd.dll", cAlternateFileName="")) returned 1 [0075.057] ResetEvent (hEvent=0x28c) returned 1 [0075.057] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0075.305] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437960ad, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x437960ad, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x437960ad, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x3600, dwReserved0=0x0, dwReserved1=0x0, cFileName="msadomd28.tlb", cAlternateFileName="")) returned 1 [0075.305] ResetEvent (hEvent=0x28c) returned 1 [0075.305] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0075.533] ResetEvent (hEvent=0x28c) returned 1 [0075.533] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0075.789] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41da7e83, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41da7e83, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41da7e83, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xb200, dwReserved0=0x0, dwReserved1=0x0, cFileName="msador15.dll", cAlternateFileName="")) returned 1 [0075.789] ResetEvent (hEvent=0x28c) returned 1 [0075.789] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0075.799] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x438ed65e, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x438ed65e, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x438ed65e, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x8c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msador28.tlb", cAlternateFileName="")) returned 1 [0075.799] ResetEvent (hEvent=0x28c) returned 1 [0075.799] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0075.917] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x463fb128, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0xc5b43065, ftLastAccessTime.dwHighDateTime=0x1d2fa09, ftLastWriteTime.dwLowDateTime=0x463fb128, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x62e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msadox.dll", cAlternateFileName="")) returned 1 [0075.917] ResetEvent (hEvent=0x28c) returned 1 [0075.917] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0076.190] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43c5ad98, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x43c5ad98, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x43c5ad98, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="msadox28.tlb", cAlternateFileName="")) returned 1 [0076.191] ResetEvent (hEvent=0x28c) returned 1 [0076.191] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0076.435] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437960ad, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x437960ad, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x437960ad, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x16400, dwReserved0=0x0, dwReserved1=0x0, cFileName="msadrh15.dll", cAlternateFileName="")) returned 1 [0076.435] ResetEvent (hEvent=0x28c) returned 1 [0076.435] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0076.447] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437960ad, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x437960ad, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x437960ad, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x16400, dwReserved0=0x0, dwReserved1=0x0, cFileName="msadrh15.dll", cAlternateFileName="")) returned 0 [0076.448] FindClose (in: hFindFile=0x4c06030 | out: hFindFile=0x4c06030) returned 1 [0076.448] GetProcessHeap () returned 0x4b0000 [0076.448] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4f610a8 | out: hHeap=0x4b0000) returned 1 [0076.449] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96d5a533, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x96d5a533, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x96d5a533, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectDB.dll", cAlternateFileName="")) returned 1 [0076.449] ResetEvent (hEvent=0x28c) returned 1 [0076.449] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0076.465] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0cb3579, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0076.465] GetProcessHeap () returned 0x4b0000 [0076.465] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4f610a8 [0076.466] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\System\\en-US\\*", lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0cb3579, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0076.466] FindNextFileW (in: hFindFile=0x4c05ef0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0cb3579, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.466] FindNextFileW (in: hFindFile=0x4c05ef0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dd86035, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x755f99d9, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x75fdf500, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x17000, dwReserved0=0x0, dwReserved1=0x0, cFileName="wab32res.dll.mui", cAlternateFileName="")) returned 1 [0076.466] ResetEvent (hEvent=0x28c) returned 1 [0076.466] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0076.468] FindNextFileW (in: hFindFile=0x4c05ef0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dd86035, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x755f99d9, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x75fdf500, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x17000, dwReserved0=0x0, dwReserved1=0x0, cFileName="wab32res.dll.mui", cAlternateFileName="")) returned 0 [0076.468] FindClose (in: hFindFile=0x4c05ef0 | out: hFindFile=0x4c05ef0) returned 1 [0076.468] GetProcessHeap () returned 0x4b0000 [0076.468] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4f610a8 | out: hHeap=0x4b0000) returned 1 [0076.468] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0d7f179, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="msadc", cAlternateFileName="")) returned 1 [0076.469] GetProcessHeap () returned 0x4b0000 [0076.469] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4f610a8 [0076.469] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\System\\msadc\\*", lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0d7f179, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0076.469] FindNextFileW (in: hFindFile=0x4c05af0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0d7f179, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.469] FindNextFileW (in: hFindFile=0x4c05af0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41da7e83, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41da7e83, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41da7e83, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x276, dwReserved0=0x0, dwReserved1=0x0, cFileName="adcjavas.inc", cAlternateFileName="")) returned 1 [0076.470] ResetEvent (hEvent=0x28c) returned 1 [0076.470] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0076.484] FindNextFileW (in: hFindFile=0x4c05af0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41dce0ea, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41dce0ea, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41dce0ea, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x26f, dwReserved0=0x0, dwReserved1=0x0, cFileName="adcvbs.inc", cAlternateFileName="")) returned 1 [0076.484] ResetEvent (hEvent=0x28c) returned 1 [0076.484] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0076.496] ResetEvent (hEvent=0x28c) returned 1 [0076.496] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0076.504] FindNextFileW (in: hFindFile=0x4c05af0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0d805e9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0076.504] GetProcessHeap () returned 0x4b0000 [0076.504] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4fe548 [0076.505] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\System\\msadc\\en-US\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0d805e9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cb0 [0076.505] FindNextFileW (in: hFindFile=0x4c05cb0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0d805e9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.505] FindNextFileW (in: hFindFile=0x4c05cb0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b99489e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7449544e, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xb198bf00, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="msadcer.dll.mui", cAlternateFileName="")) returned 1 [0076.505] ResetEvent (hEvent=0x28c) returned 1 [0076.505] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0076.514] FindNextFileW (in: hFindFile=0x4c05cb0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b9e0d51, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7449544e, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xb2c9ec00, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x1800, dwReserved0=0x0, dwReserved1=0x0, cFileName="msadcor.dll.mui", cAlternateFileName="")) returned 1 [0076.514] ResetEvent (hEvent=0x28c) returned 1 [0076.514] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0076.525] ResetEvent (hEvent=0x28c) returned 1 [0076.525] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0076.540] FindNextFileW (in: hFindFile=0x4c05cb0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ba9f918, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7449544e, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xb198bf00, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="msaddsr.dll.mui", cAlternateFileName="")) returned 1 [0076.541] ResetEvent (hEvent=0x28c) returned 1 [0076.541] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0076.613] FindNextFileW (in: hFindFile=0x4c05cb0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ba9f918, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7449544e, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xb198bf00, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x1e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdaprsr.dll.mui", cAlternateFileName="")) returned 1 [0076.613] ResetEvent (hEvent=0x28c) returned 1 [0076.613] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0076.653] ResetEvent (hEvent=0x28c) returned 1 [0076.654] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0078.486] FindNextFileW (in: hFindFile=0x4c05cb0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bb38282, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7449544e, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xb198bf00, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x1800, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdaremr.dll.mui", cAlternateFileName="")) returned 1 [0078.486] ResetEvent (hEvent=0x28c) returned 1 [0078.486] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0079.425] FindNextFileW (in: hFindFile=0x4c05cb0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bb38282, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7449544e, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xb198bf00, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x1800, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdaremr.dll.mui", cAlternateFileName="")) returned 0 [0079.425] FindClose (in: hFindFile=0x4c05cb0 | out: hFindFile=0x4c05cb0) returned 1 [0079.426] GetProcessHeap () returned 0x4b0000 [0079.426] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4fe548 | out: hHeap=0x4b0000) returned 1 [0079.426] FindNextFileW (in: hFindFile=0x4c05af0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41da7e83, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41da7e83, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41da7e83, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa9c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msadce.dll", cAlternateFileName="")) returned 1 [0079.426] ResetEvent (hEvent=0x28c) returned 1 [0079.426] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0080.186] ResetEvent (hEvent=0x28c) returned 1 [0080.186] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0080.719] FindNextFileW (in: hFindFile=0x4c05af0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41dce0ea, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41dce0ea, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41dce0ea, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msadcer.dll", cAlternateFileName="")) returned 1 [0080.719] ResetEvent (hEvent=0x28c) returned 1 [0080.719] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0081.592] FindNextFileW (in: hFindFile=0x4c05af0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41da7e83, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41da7e83, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41da7e83, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x3b400, dwReserved0=0x0, dwReserved1=0x0, cFileName="msadco.dll", cAlternateFileName="")) returned 1 [0081.593] ResetEvent (hEvent=0x28c) returned 1 [0081.593] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0081.658] FindNextFileW (in: hFindFile=0x4c05af0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41da7e83, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41da7e83, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41da7e83, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msadcor.dll", cAlternateFileName="")) returned 1 [0081.658] ResetEvent (hEvent=0x28c) returned 1 [0081.658] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0081.720] FindNextFileW (in: hFindFile=0x4c05af0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x440870df, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x440870df, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x440870df, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x44400, dwReserved0=0x0, dwReserved1=0x0, cFileName="msadds.dll", cAlternateFileName="")) returned 1 [0081.720] ResetEvent (hEvent=0x28c) returned 1 [0081.720] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0081.764] FindNextFileW (in: hFindFile=0x4c05af0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44060e78, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x44060e78, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x44060e78, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msaddsr.dll", cAlternateFileName="")) returned 1 [0081.764] ResetEvent (hEvent=0x28c) returned 1 [0081.764] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0081.803] FindNextFileW (in: hFindFile=0x4c05af0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41d5b9b4, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41d5b9b4, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41d5b9b4, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdaprsr.dll", cAlternateFileName="")) returned 1 [0081.803] ResetEvent (hEvent=0x28c) returned 1 [0081.803] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0082.064] ResetEvent (hEvent=0x28c) returned 1 [0082.064] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0082.080] FindNextFileW (in: hFindFile=0x4c05af0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41d5b9b4, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41d5b9b4, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41d5b9b4, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x57000, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdaprst.dll", cAlternateFileName="")) returned 1 [0082.081] ResetEvent (hEvent=0x28c) returned 1 [0082.081] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0082.261] FindNextFileW (in: hFindFile=0x4c05af0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44060e78, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x44060e78, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x44060e78, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x36200, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdarem.dll", cAlternateFileName="")) returned 1 [0082.261] ResetEvent (hEvent=0x28c) returned 1 [0082.261] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0082.273] ResetEvent (hEvent=0x28c) returned 1 [0082.273] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0082.463] FindNextFileW (in: hFindFile=0x4c05af0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4403ac10, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x4403ac10, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4403ac10, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdaremr.dll", cAlternateFileName="")) returned 1 [0082.463] ResetEvent (hEvent=0x28c) returned 1 [0082.463] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0082.625] FindNextFileW (in: hFindFile=0x4c05af0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x440870df, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x440870df, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x440870df, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x7c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdfmap.dll", cAlternateFileName="")) returned 1 [0082.625] ResetEvent (hEvent=0x28c) returned 1 [0082.626] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0082.742] ResetEvent (hEvent=0x28c) returned 1 [0082.742] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0082.777] FindNextFileW (in: hFindFile=0x4c05af0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x440870df, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x440870df, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x440870df, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x7c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdfmap.dll", cAlternateFileName="")) returned 0 [0082.777] FindClose (in: hFindFile=0x4c05af0 | out: hFindFile=0x4c05af0) returned 1 [0082.777] GetProcessHeap () returned 0x4b0000 [0082.777] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4f610a8 | out: hHeap=0x4b0000) returned 1 [0082.778] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0d8186d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ole DB", cAlternateFileName="OLEDB~1")) returned 1 [0082.778] GetProcessHeap () returned 0x4b0000 [0082.778] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4f610a8 [0082.779] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\System\\Ole DB\\*", lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0d8186d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0082.780] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0d8186d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0082.780] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0d8245b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0082.780] GetProcessHeap () returned 0x4b0000 [0082.780] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4fe548 [0082.781] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\System\\Ole DB\\en-US\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0d8245b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0082.781] FindNextFileW (in: hFindFile=0x4c05a70, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0d8245b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0082.781] FindNextFileW (in: hFindFile=0x4c05a70, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bb38282, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7449544e, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xb3fb1900, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x1800, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdasqlr.dll.mui", cAlternateFileName="")) returned 1 [0082.781] ResetEvent (hEvent=0x28c) returned 1 [0082.781] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0082.828] FindNextFileW (in: hFindFile=0x4c05a70, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b9e0d51, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7449544e, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xb3fb1900, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0xbc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="oledb32r.dll.mui", cAlternateFileName="")) returned 1 [0082.829] ResetEvent (hEvent=0x28c) returned 1 [0082.829] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0083.760] FindNextFileW (in: hFindFile=0x4c05a70, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bb38282, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7449544e, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xb3fb1900, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0xac00, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqloledb.rll.mui", cAlternateFileName="")) returned 1 [0083.760] ResetEvent (hEvent=0x28c) returned 1 [0083.760] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.138] FindNextFileW (in: hFindFile=0x4c05a70, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ba9f918, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7449544e, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xb65d7300, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlxmlx.rll.mui", cAlternateFileName="")) returned 1 [0084.138] ResetEvent (hEvent=0x28c) returned 1 [0084.138] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.353] ResetEvent (hEvent=0x28c) returned 1 [0084.353] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.354] ResetEvent (hEvent=0x28c) returned 1 [0084.354] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.354] FindNextFileW (in: hFindFile=0x4c05a70, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ba9f918, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7449544e, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xb65d7300, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlxmlx.rll.mui", cAlternateFileName="")) returned 0 [0084.354] FindClose (in: hFindFile=0x4c05a70 | out: hFindFile=0x4c05a70) returned 1 [0084.354] GetProcessHeap () returned 0x4b0000 [0084.354] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4fe548 | out: hHeap=0x4b0000) returned 1 [0084.355] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x440870df, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x440870df, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x440870df, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x18600, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdaosp.dll", cAlternateFileName="")) returned 1 [0084.355] ResetEvent (hEvent=0x28c) returned 1 [0084.355] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.356] ResetEvent (hEvent=0x28c) returned 1 [0084.356] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.357] ResetEvent (hEvent=0x28c) returned 1 [0084.357] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.358] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x440870df, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x440870df, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x440870df, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x5be00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdaps.dll", cAlternateFileName="")) returned 1 [0084.358] ResetEvent (hEvent=0x28c) returned 1 [0084.358] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.361] ResetEvent (hEvent=0x28c) returned 1 [0084.361] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.388] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41d0f4ea, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41d0f4ea, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41d0f4ea, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xaa800, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdasql.dll", cAlternateFileName="")) returned 1 [0084.388] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41d0f4ea, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41d0f4ea, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41d0f4ea, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xd600, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdasqlr.dll", cAlternateFileName="")) returned 1 [0084.388] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41d0f4ea, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41d0f4ea, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41d0f4ea, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1ca00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdatl3.dll", cAlternateFileName="")) returned 1 [0084.388] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41d0f4ea, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41d0f4ea, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41d0f4ea, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="msxactps.dll", cAlternateFileName="")) returned 1 [0084.388] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41ce9283, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41ce9283, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41ce9283, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xe6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="oledb32.dll", cAlternateFileName="")) returned 1 [0084.388] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41ce9283, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41ce9283, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41ce9283, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x13000, dwReserved0=0x0, dwReserved1=0x0, cFileName="oledb32r.dll", cAlternateFileName="")) returned 1 [0084.388] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41ce9283, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41ce9283, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41ce9283, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x264c, dwReserved0=0x0, dwReserved1=0x0, cFileName="oledbjvs.inc", cAlternateFileName="")) returned 1 [0084.389] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41cc3017, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41cc3017, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41cc3017, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x26f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="oledbvbs.inc", cAlternateFileName="")) returned 1 [0084.389] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43c80ffc, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x43c80ffc, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x43c80ffc, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xd4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqloledb.dll", cAlternateFileName="")) returned 1 [0084.389] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43c80ffc, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x43c80ffc, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x43c80ffc, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqloledb.rll", cAlternateFileName="")) returned 1 [0084.389] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43854cb5, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x43854cb5, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x43854cb5, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x4fa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlxmlx.dll", cAlternateFileName="")) returned 1 [0084.389] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43854cb5, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x43854cb5, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x43854cb5, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlxmlx.rll", cAlternateFileName="")) returned 1 [0084.389] ResetEvent (hEvent=0x28c) returned 1 [0084.389] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.392] ResetEvent (hEvent=0x28c) returned 1 [0084.392] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.394] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43854cb5, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x43854cb5, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x43854cb5, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlxmlx.rll", cAlternateFileName="")) returned 0 [0084.394] FindClose (in: hFindFile=0x4c05ab0 | out: hFindFile=0x4c05ab0) returned 1 [0084.394] GetProcessHeap () returned 0x4b0000 [0084.394] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4f610a8 | out: hHeap=0x4b0000) returned 1 [0084.395] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x440d35a9, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x440d35a9, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x440d35a9, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xd0a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="wab32.dll", cAlternateFileName="")) returned 1 [0084.395] ResetEvent (hEvent=0x28c) returned 1 [0084.395] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.397] ResetEvent (hEvent=0x28c) returned 1 [0084.397] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.399] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x440d35a9, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x440d35a9, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x440d35a9, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xeb600, dwReserved0=0x0, dwReserved1=0x0, cFileName="wab32res.dll", cAlternateFileName="")) returned 1 [0084.399] ResetEvent (hEvent=0x28c) returned 1 [0084.399] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.402] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x440d35a9, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x440d35a9, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x440d35a9, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xeb600, dwReserved0=0x0, dwReserved1=0x0, cFileName="wab32res.dll", cAlternateFileName="")) returned 0 [0084.402] FindClose (in: hFindFile=0x4c059f0 | out: hFindFile=0x4c059f0) returned 1 [0084.402] GetProcessHeap () returned 0x4b0000 [0084.402] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0084.402] FindNextFileW (in: hFindFile=0x4c059b0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0c5f95f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System", cAlternateFileName="")) returned 0 [0084.402] FindClose (in: hFindFile=0x4c059b0 | out: hFindFile=0x4c059b0) returned 1 [0084.402] GetProcessHeap () returned 0x4b0000 [0084.402] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0084.402] FindNextFileW (in: hFindFile=0x4c05e30, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x1a307d95, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc5d0779b, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0xc5d0779b, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0084.403] ResetEvent (hEvent=0x28c) returned 1 [0084.403] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.404] FindNextFileW (in: hFindFile=0x4c05e30, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0d83195, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x71169cb5, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0084.404] GetProcessHeap () returned 0x4b0000 [0084.405] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0084.405] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Internet Explorer\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0d83195, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x71169cb5, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0084.406] FindNextFileW (in: hFindFile=0x4c05930, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0d83195, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x71169cb5, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.406] FindNextFileW (in: hFindFile=0x4c05930, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0d83d92, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa21685bc, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0084.406] GetProcessHeap () returned 0x4b0000 [0084.406] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0084.406] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Internet Explorer\\en-US\\*", lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0d83d92, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa21685bc, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0084.406] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0d83d92, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa21685bc, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.406] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b2dfe94, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7f0f18af, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x68e10600, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="hmmapi.dll.mui", cAlternateFileName="")) returned 1 [0084.406] ResetEvent (hEvent=0x28c) returned 1 [0084.406] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.408] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b3c4cb5, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7f0f18af, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x75fdf500, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ieinstal.exe.mui", cAlternateFileName="")) returned 1 [0084.408] ResetEvent (hEvent=0x28c) returned 1 [0084.408] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.411] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b2212c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7f0f18af, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x74ccc800, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x0, dwReserved1=0x0, cFileName="iexplore.exe.mui", cAlternateFileName="")) returned 1 [0084.411] FindNextFileW (in: hFindFile=0x4c05ab0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b2212c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7f0f18af, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x74ccc800, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x0, dwReserved1=0x0, cFileName="iexplore.exe.mui", cAlternateFileName="")) returned 0 [0084.411] FindClose (in: hFindFile=0x4c05ab0 | out: hFindFile=0x4c05ab0) returned 1 [0084.411] GetProcessHeap () returned 0x4b0000 [0084.411] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0084.411] FindNextFileW (in: hFindFile=0x4c05930, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a4ec31b, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x2a4ec31b, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x2a4ec31b, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xd000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExtExport.exe", cAlternateFileName="")) returned 1 [0084.411] ResetEvent (hEvent=0x28c) returned 1 [0084.411] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.419] FindNextFileW (in: hFindFile=0x4c05930, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a9b1003, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x2a9b1003, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x2a9b1003, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xd400, dwReserved0=0x0, dwReserved1=0x0, cFileName="hmmapi.dll", cAlternateFileName="")) returned 1 [0084.419] FindNextFileW (in: hFindFile=0x4c05930, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a49fe45, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x2a49fe45, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x2a49fe45, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x7d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="iediagcmd.exe", cAlternateFileName="")) returned 1 [0084.419] FindNextFileW (in: hFindFile=0x4c05930, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a70c9a1, ftCreationTime.dwHighDateTime=0x1d2fa08, ftLastAccessTime.dwLowDateTime=0xbc534b5e, ftLastAccessTime.dwHighDateTime=0x1d2fa09, ftLastWriteTime.dwLowDateTime=0x4a70c9a1, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x7a800, dwReserved0=0x0, dwReserved1=0x0, cFileName="ieinstal.exe", cAlternateFileName="")) returned 1 [0084.419] FindNextFileW (in: hFindFile=0x4c05930, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a49fe45, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x2a49fe45, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x2a49fe45, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x36c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ielowutil.exe", cAlternateFileName="")) returned 1 [0084.419] ResetEvent (hEvent=0x28c) returned 1 [0084.419] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.533] FindNextFileW (in: hFindFile=0x4c05930, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a49fe45, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x2a49fe45, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x2a4c60b4, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x63800, dwReserved0=0x0, dwReserved1=0x0, cFileName="IEShims.dll", cAlternateFileName="")) returned 1 [0084.533] ResetEvent (hEvent=0x28c) returned 1 [0084.533] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.534] FindNextFileW (in: hFindFile=0x4c05930, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa182b3a4, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa1c0b0e4, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x8ca44c00, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0xc9340, dwReserved0=0x0, dwReserved1=0x0, cFileName="iexplore.exe", cAlternateFileName="")) returned 1 [0084.534] ResetEvent (hEvent=0x28c) returned 1 [0084.534] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.535] ResetEvent (hEvent=0x28c) returned 1 [0084.535] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.536] FindNextFileW (in: hFindFile=0x4c05930, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0d846d9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a485593, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="images", cAlternateFileName="")) returned 1 [0084.536] GetProcessHeap () returned 0x4b0000 [0084.536] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0084.536] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Internet Explorer\\images\\*", lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0d846d9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a485593, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0084.536] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0d846d9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a485593, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.537] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a55ea4d, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x2a55ea4d, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x2a55ea4d, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1536, dwReserved0=0x0, dwReserved1=0x0, cFileName="bing.ico", cAlternateFileName="")) returned 1 [0084.537] ResetEvent (hEvent=0x28c) returned 1 [0084.537] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.538] ResetEvent (hEvent=0x28c) returned 1 [0084.538] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.539] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a55ea4d, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x2a55ea4d, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x2a55ea4d, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1536, dwReserved0=0x0, dwReserved1=0x0, cFileName="bing.ico", cAlternateFileName="")) returned 0 [0084.539] FindClose (in: hFindFile=0x4c05eb0 | out: hFindFile=0x4c05eb0) returned 1 [0084.539] GetProcessHeap () returned 0x4b0000 [0084.539] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0084.539] FindNextFileW (in: hFindFile=0x4c05930, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc2132d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xb77a1634, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xb77a1634, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SIGNUP", cAlternateFileName="")) returned 1 [0084.539] GetProcessHeap () returned 0x4b0000 [0084.539] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0084.539] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Internet Explorer\\SIGNUP\\*", lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc2132d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xb77a1634, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xb77a1634, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0084.539] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc2132d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xb77a1634, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xb77a1634, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.539] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30c952e, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x970b4468, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x970b4468, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="install.ins", cAlternateFileName="")) returned 1 [0084.539] ResetEvent (hEvent=0x28c) returned 1 [0084.539] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.540] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30c952e, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x970b4468, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x970b4468, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="install.ins", cAlternateFileName="")) returned 0 [0084.540] FindClose (in: hFindFile=0x4c05eb0 | out: hFindFile=0x4c05eb0) returned 1 [0084.540] GetProcessHeap () returned 0x4b0000 [0084.540] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0084.540] FindNextFileW (in: hFindFile=0x4c05930, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a9b1003, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x2a9b1003, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x2a9b1003, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xc218, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqmapi.dll", cAlternateFileName="")) returned 1 [0084.540] ResetEvent (hEvent=0x28c) returned 1 [0084.540] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.541] ResetEvent (hEvent=0x28c) returned 1 [0084.541] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.542] FindNextFileW (in: hFindFile=0x4c05930, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a9b1003, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x2a9b1003, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x2a9b1003, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xc218, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqmapi.dll", cAlternateFileName="")) returned 0 [0084.542] FindClose (in: hFindFile=0x4c05930 | out: hFindFile=0x4c05930) returned 1 [0084.542] GetProcessHeap () returned 0x4b0000 [0084.542] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x55ec48 | out: hHeap=0x4b0000) returned 1 [0084.543] FindNextFileW (in: hFindFile=0x4c05e30, lpFindFileData=0xe1f800 | out: lpFindFileData=0xe1f800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa235ac5b, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0x717638a8, ftLastAccessTime.dwHighDateTime=0x1d591b7, ftLastWriteTime.dwLowDateTime=0x717638a8, ftLastWriteTime.dwHighDateTime=0x1d591b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Java", cAlternateFileName="")) returned 1 [0084.543] GetProcessHeap () returned 0x4b0000 [0084.543] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x55ec48 [0084.543] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\*", lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa235ac5b, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0x717638a8, ftLastAccessTime.dwHighDateTime=0x1d591b7, ftLastWriteTime.dwLowDateTime=0x717638a8, ftLastWriteTime.dwHighDateTime=0x1d591b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0084.544] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa235ac5b, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0x717638a8, ftLastAccessTime.dwHighDateTime=0x1d591b7, ftLastWriteTime.dwLowDateTime=0x717638a8, ftLastWriteTime.dwHighDateTime=0x1d591b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.544] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8eb27e0, ftCreationTime.dwHighDateTime=0x1d56485, ftLastAccessTime.dwLowDateTime=0x17bbc760, ftLastAccessTime.dwHighDateTime=0x1d50498, ftLastWriteTime.dwLowDateTime=0x17bbc760, ftLastWriteTime.dwHighDateTime=0x1d50498, nFileSizeHigh=0x0, nFileSizeLow=0x13200, dwReserved0=0x0, dwReserved1=0x0, cFileName="extending_salvador_coming.exe", cAlternateFileName="EXTEND~1.EXE")) returned 1 [0084.544] ResetEvent (hEvent=0x28c) returned 1 [0084.544] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.545] FindNextFileW (in: hFindFile=0x4c05eb0, lpFindFileData=0xe1f570 | out: lpFindFileData=0xe1f570*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0xa235ac5b, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0de2f82, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xafba0b05, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jre1.8.0_144", cAlternateFileName="JRE18~1.0_1")) returned 1 [0084.545] GetProcessHeap () returned 0x4b0000 [0084.545] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0084.545] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\*", lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0xa235ac5b, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0de2f82, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xafba0b05, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0084.545] FindNextFileW (in: hFindFile=0x4c05ef0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0xa235ac5b, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0de2f82, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xafba0b05, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.545] FindNextFileW (in: hFindFile=0x4c05ef0, lpFindFileData=0xe1f2e0 | out: lpFindFileData=0xe1f2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7406c5a, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0eaff93, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa8b45bd2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0084.545] GetProcessHeap () returned 0x4b0000 [0084.545] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4f610a8 [0084.546] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\bin\\*", lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7406c5a, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0eaff93, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa8b45bd2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0084.546] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7406c5a, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0eaff93, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa8b45bd2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.546] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa742cea6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa742cea6, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa742cea6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x172440, dwReserved0=0x0, dwReserved1=0x0, cFileName="awt.dll", cAlternateFileName="")) returned 1 [0084.546] ResetEvent (hEvent=0x28c) returned 1 [0084.546] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.547] ResetEvent (hEvent=0x28c) returned 1 [0084.547] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.548] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa742cea6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa742cea6, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa742cea6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bci.dll", cAlternateFileName="")) returned 1 [0084.548] ResetEvent (hEvent=0x28c) returned 1 [0084.548] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.549] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa742cea6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa742cea6, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa742cea6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x27040, dwReserved0=0x0, dwReserved1=0x0, cFileName="dcpr.dll", cAlternateFileName="")) returned 1 [0084.549] ResetEvent (hEvent=0x28c) returned 1 [0084.549] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.550] ResetEvent (hEvent=0x28c) returned 1 [0084.550] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.551] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa742cea6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa742cea6, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa742cea6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x15040, dwReserved0=0x0, dwReserved1=0x0, cFileName="decora_sse.dll", cAlternateFileName="DECORA~1.DLL")) returned 1 [0084.551] ResetEvent (hEvent=0x28c) returned 1 [0084.551] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.552] ResetEvent (hEvent=0x28c) returned 1 [0084.552] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.553] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa742cea6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa742cea6, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa742cea6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x8f840, dwReserved0=0x0, dwReserved1=0x0, cFileName="deploy.dll", cAlternateFileName="")) returned 1 [0084.553] ResetEvent (hEvent=0x28c) returned 1 [0084.553] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.554] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa742cea6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0f2891a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa742cea6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dtplugin", cAlternateFileName="")) returned 1 [0084.554] GetProcessHeap () returned 0x4b0000 [0084.554] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4fe548 [0084.555] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\bin\\dtplugin\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa742cea6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0f2891a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa742cea6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c059f0 [0084.555] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa742cea6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0f2891a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa742cea6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.555] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa742cea6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa742cea6, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa742cea6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0xfa840, dwReserved0=0x0, dwReserved1=0x0, cFileName="deployJava1.dll", cAlternateFileName="DEPLOY~1.DLL")) returned 1 [0084.555] ResetEvent (hEvent=0x28c) returned 1 [0084.555] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.556] ResetEvent (hEvent=0x28c) returned 1 [0084.556] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.557] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa742cea6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa742cea6, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa742cea6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x11a640, dwReserved0=0x0, dwReserved1=0x0, cFileName="npdeployJava1.dll", cAlternateFileName="NPDEPL~1.DLL")) returned 1 [0084.557] ResetEvent (hEvent=0x28c) returned 1 [0084.557] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.559] ResetEvent (hEvent=0x28c) returned 1 [0084.559] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.559] FindNextFileW (in: hFindFile=0x4c059f0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa742cea6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa742cea6, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa742cea6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x11a640, dwReserved0=0x0, dwReserved1=0x0, cFileName="npdeployJava1.dll", cAlternateFileName="NPDEPL~1.DLL")) returned 0 [0084.560] FindClose (in: hFindFile=0x4c059f0 | out: hFindFile=0x4c059f0) returned 1 [0084.560] GetProcessHeap () returned 0x4b0000 [0084.560] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4fe548 | out: hHeap=0x4b0000) returned 1 [0084.560] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa742cea6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa742cea6, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa742cea6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x7440, dwReserved0=0x0, dwReserved1=0x0, cFileName="dt_shmem.dll", cAlternateFileName="")) returned 1 [0084.560] ResetEvent (hEvent=0x28c) returned 1 [0084.560] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.561] ResetEvent (hEvent=0x28c) returned 1 [0084.561] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.562] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa742cea6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa742cea6, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa742cea6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x6040, dwReserved0=0x0, dwReserved1=0x0, cFileName="dt_socket.dll", cAlternateFileName="DT_SOC~1.DLL")) returned 1 [0084.562] ResetEvent (hEvent=0x28c) returned 1 [0084.562] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.563] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa742cea6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa742cea6, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa742cea6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x21440, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.dll", cAlternateFileName="")) returned 1 [0084.563] ResetEvent (hEvent=0x28c) returned 1 [0084.563] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.564] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x43040, dwReserved0=0x0, dwReserved1=0x0, cFileName="fontmanager.dll", cAlternateFileName="FONTMA~1.DLL")) returned 1 [0084.564] ResetEvent (hEvent=0x28c) returned 1 [0084.564] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.565] ResetEvent (hEvent=0x28c) returned 1 [0084.565] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.566] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x2da40, dwReserved0=0x0, dwReserved1=0x0, cFileName="fxplugins.dll", cAlternateFileName="FXPLUG~1.DLL")) returned 1 [0084.566] ResetEvent (hEvent=0x28c) returned 1 [0084.566] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.567] ResetEvent (hEvent=0x28c) returned 1 [0084.567] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.568] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x40e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="glass.dll", cAlternateFileName="")) returned 1 [0084.568] ResetEvent (hEvent=0x28c) returned 1 [0084.568] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.569] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x6f440, dwReserved0=0x0, dwReserved1=0x0, cFileName="glib-lite.dll", cAlternateFileName="GLIB-L~1.DLL")) returned 1 [0084.569] ResetEvent (hEvent=0x28c) returned 1 [0084.569] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.570] ResetEvent (hEvent=0x28c) returned 1 [0084.570] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.571] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x97440, dwReserved0=0x0, dwReserved1=0x0, cFileName="gstreamer-lite.dll", cAlternateFileName="GSTREA~1.DLL")) returned 1 [0084.571] ResetEvent (hEvent=0x28c) returned 1 [0084.572] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.573] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x26a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="hprof.dll", cAlternateFileName="")) returned 1 [0084.573] ResetEvent (hEvent=0x28c) returned 1 [0084.573] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.574] ResetEvent (hEvent=0x28c) returned 1 [0084.574] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.575] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x1e240, dwReserved0=0x0, dwReserved1=0x0, cFileName="instrument.dll", cAlternateFileName="INSTRU~1.DLL")) returned 1 [0084.575] ResetEvent (hEvent=0x28c) returned 1 [0084.575] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.576] ResetEvent (hEvent=0x28c) returned 1 [0084.576] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.577] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="j2pcsc.dll", cAlternateFileName="")) returned 1 [0084.577] ResetEvent (hEvent=0x28c) returned 1 [0084.577] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.578] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0xf840, dwReserved0=0x0, dwReserved1=0x0, cFileName="j2pkcs11.dll", cAlternateFileName="")) returned 1 [0084.578] ResetEvent (hEvent=0x28c) returned 1 [0084.578] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.583] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x5240, dwReserved0=0x0, dwReserved1=0x0, cFileName="jaas_nt.dll", cAlternateFileName="")) returned 1 [0084.583] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x8640, dwReserved0=0x0, dwReserved1=0x0, cFileName="jabswitch.exe", cAlternateFileName="JABSWI~1.EXE")) returned 1 [0084.584] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x3e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="java-rmi.exe", cAlternateFileName="")) returned 1 [0084.584] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x27040, dwReserved0=0x0, dwReserved1=0x0, cFileName="java.dll", cAlternateFileName="")) returned 1 [0084.584] ResetEvent (hEvent=0x28c) returned 1 [0084.584] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.655] ResetEvent (hEvent=0x28c) returned 1 [0084.655] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.659] ResetEvent (hEvent=0x28c) returned 1 [0084.659] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.743] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x32840, dwReserved0=0x0, dwReserved1=0x0, cFileName="java.exe", cAlternateFileName="")) returned 1 [0084.743] ResetEvent (hEvent=0x28c) returned 1 [0084.743] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.763] ResetEvent (hEvent=0x28c) returned 1 [0084.763] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.763] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x22c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="JavaAccessBridge-64.dll", cAlternateFileName="JAVAAC~1.DLL")) returned 1 [0084.763] ResetEvent (hEvent=0x28c) returned 1 [0084.763] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.892] ResetEvent (hEvent=0x28c) returned 1 [0084.892] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0084.915] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x2dc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="javacpl.cpl", cAlternateFileName="")) returned 1 [0084.915] ResetEvent (hEvent=0x28c) returned 1 [0084.915] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.048] ResetEvent (hEvent=0x28c) returned 1 [0085.048] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.109] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x13a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="javacpl.exe", cAlternateFileName="")) returned 1 [0085.109] ResetEvent (hEvent=0x28c) returned 1 [0085.109] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.117] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x10e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="javafx_font.dll", cAlternateFileName="JAVAFX~1.DLL")) returned 1 [0085.117] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7453105, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7453105, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa747934d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x83640, dwReserved0=0x0, dwReserved1=0x0, cFileName="javafx_font_t2k.dll", cAlternateFileName="JAVAFX~2.DLL")) returned 1 [0085.117] ResetEvent (hEvent=0x28c) returned 1 [0085.117] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.128] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa747934d, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa747934d, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa747934d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x1f440, dwReserved0=0x0, dwReserved1=0x0, cFileName="javafx_iio.dll", cAlternateFileName="JAVAFX~3.DLL")) returned 1 [0085.128] ResetEvent (hEvent=0x28c) returned 1 [0085.128] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.181] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa747934d, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa747934d, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa747934d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x32840, dwReserved0=0x0, dwReserved1=0x0, cFileName="javaw.exe", cAlternateFileName="")) returned 1 [0085.181] ResetEvent (hEvent=0x28c) returned 1 [0085.181] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.508] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa747934d, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa747934d, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa747934d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4e040, dwReserved0=0x0, dwReserved1=0x0, cFileName="javaws.exe", cAlternateFileName="")) returned 1 [0085.508] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa747934d, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa747934d, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa747934d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x7440, dwReserved0=0x0, dwReserved1=0x0, cFileName="java_crw_demo.dll", cAlternateFileName="JAVA_C~1.DLL")) returned 1 [0085.508] ResetEvent (hEvent=0x28c) returned 1 [0085.508] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.525] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa747934d, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa747934d, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa747934d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x3840, dwReserved0=0x0, dwReserved1=0x0, cFileName="jawt.dll", cAlternateFileName="")) returned 1 [0085.525] ResetEvent (hEvent=0x28c) returned 1 [0085.525] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.548] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa747934d, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa747934d, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa747934d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x3c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="JAWTAccessBridge-64.dll", cAlternateFileName="JAWTAC~1.DLL")) returned 1 [0085.548] ResetEvent (hEvent=0x28c) returned 1 [0085.548] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.567] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa747934d, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa747934d, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa747934d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x31440, dwReserved0=0x0, dwReserved1=0x0, cFileName="jdwp.dll", cAlternateFileName="")) returned 1 [0085.567] ResetEvent (hEvent=0x28c) returned 1 [0085.567] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.579] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa747934d, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa747934d, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa747934d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x6840, dwReserved0=0x0, dwReserved1=0x0, cFileName="jfr.dll", cAlternateFileName="")) returned 1 [0085.579] ResetEvent (hEvent=0x28c) returned 1 [0085.579] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.591] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa747934d, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa747934d, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa747934d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x22240, dwReserved0=0x0, dwReserved1=0x0, cFileName="jfxmedia.dll", cAlternateFileName="")) returned 1 [0085.591] ResetEvent (hEvent=0x28c) returned 1 [0085.591] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.630] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7511d3f, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa7511d3f, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa75aa64d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x2794a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="jfxwebkit.dll", cAlternateFileName="JFXWEB~1.DLL")) returned 1 [0085.630] ResetEvent (hEvent=0x28c) returned 1 [0085.630] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.817] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa75aa64d, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa75aa64d, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa75aa64d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x3e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="jjs.exe", cAlternateFileName="")) returned 1 [0085.817] ResetEvent (hEvent=0x28c) returned 1 [0085.817] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.856] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa75aa64d, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa75aa64d, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa75aa64d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x2aa40, dwReserved0=0x0, dwReserved1=0x0, cFileName="jli.dll", cAlternateFileName="")) returned 1 [0085.856] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa75aa64d, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa75aa64d, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa897bfc2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x48440, dwReserved0=0x0, dwReserved1=0x0, cFileName="jp2iexp.dll", cAlternateFileName="")) returned 1 [0085.856] ResetEvent (hEvent=0x28c) returned 1 [0085.856] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.870] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa897bfc2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa897bfc2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89a2223, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x1b640, dwReserved0=0x0, dwReserved1=0x0, cFileName="jp2launcher.exe", cAlternateFileName="JP2LAU~1.EXE")) returned 1 [0085.870] ResetEvent (hEvent=0x28c) returned 1 [0085.870] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.898] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89a2223, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89a2223, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89a2223, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="jp2native.dll", cAlternateFileName="JP2NAT~1.DLL")) returned 1 [0085.898] ResetEvent (hEvent=0x28c) returned 1 [0085.898] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.910] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89a2223, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89a2223, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89a2223, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x39840, dwReserved0=0x0, dwReserved1=0x0, cFileName="jp2ssv.dll", cAlternateFileName="")) returned 1 [0085.910] ResetEvent (hEvent=0x28c) returned 1 [0085.910] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.932] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89a2223, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89a2223, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89c8466, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x2d640, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpeg.dll", cAlternateFileName="")) returned 1 [0085.932] ResetEvent (hEvent=0x28c) returned 1 [0085.932] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0085.943] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89c8466, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89c8466, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89c8466, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4840, dwReserved0=0x0, dwReserved1=0x0, cFileName="jsdt.dll", cAlternateFileName="")) returned 1 [0085.943] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89c8466, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89c8466, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89c8466, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x8a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="jsound.dll", cAlternateFileName="")) returned 1 [0085.944] ResetEvent (hEvent=0x28c) returned 1 [0085.944] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.105] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89c8466, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89c8466, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89c8466, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x7a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="jsoundds.dll", cAlternateFileName="")) returned 1 [0086.105] ResetEvent (hEvent=0x28c) returned 1 [0086.105] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.124] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89c8466, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89c8466, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89c8466, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x35e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="kcms.dll", cAlternateFileName="")) returned 1 [0086.125] ResetEvent (hEvent=0x28c) returned 1 [0086.125] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.198] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89c8466, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89c8466, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89c8466, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4040, dwReserved0=0x0, dwReserved1=0x0, cFileName="keytool.exe", cAlternateFileName="")) returned 1 [0086.198] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89c8466, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89c8466, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89c8466, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4040, dwReserved0=0x0, dwReserved1=0x0, cFileName="kinit.exe", cAlternateFileName="")) returned 1 [0086.198] ResetEvent (hEvent=0x28c) returned 1 [0086.198] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.204] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89c8466, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89c8466, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89c8466, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4040, dwReserved0=0x0, dwReserved1=0x0, cFileName="klist.exe", cAlternateFileName="")) returned 1 [0086.205] ResetEvent (hEvent=0x28c) returned 1 [0086.205] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.215] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89c8466, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89c8466, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89c8466, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4040, dwReserved0=0x0, dwReserved1=0x0, cFileName="ktab.exe", cAlternateFileName="")) returned 1 [0086.215] ResetEvent (hEvent=0x28c) returned 1 [0086.215] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.239] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89c8466, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89c8466, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89c8466, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x39040, dwReserved0=0x0, dwReserved1=0x0, cFileName="lcms.dll", cAlternateFileName="")) returned 1 [0086.239] ResetEvent (hEvent=0x28c) returned 1 [0086.239] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.262] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89c8466, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89c8466, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89c8466, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x9040, dwReserved0=0x0, dwReserved1=0x0, cFileName="management.dll", cAlternateFileName="MANAGE~1.DLL")) returned 1 [0086.262] ResetEvent (hEvent=0x28c) returned 1 [0086.262] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.275] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89c8466, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89c8466, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89c8466, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x9fa40, dwReserved0=0x0, dwReserved1=0x0, cFileName="mlib_image.dll", cAlternateFileName="MLIB_I~1.DLL")) returned 1 [0086.275] ResetEvent (hEvent=0x28c) returned 1 [0086.275] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.291] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89c8466, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89c8466, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89c8466, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0xa12a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="msvcp120.dll", cAlternateFileName="")) returned 1 [0086.291] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89c8466, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89c8466, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89ee6c2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0xca750, dwReserved0=0x0, dwReserved1=0x0, cFileName="msvcr100.dll", cAlternateFileName="")) returned 1 [0086.291] ResetEvent (hEvent=0x28c) returned 1 [0086.291] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.307] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89ee6c2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89ee6c2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89ee6c2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0xeb2a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="msvcr120.dll", cAlternateFileName="")) returned 1 [0086.307] ResetEvent (hEvent=0x28c) returned 1 [0086.307] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.515] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89ee6c2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89ee6c2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89ee6c2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x17a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="net.dll", cAlternateFileName="")) returned 1 [0086.515] ResetEvent (hEvent=0x28c) returned 1 [0086.515] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.529] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89ee6c2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89ee6c2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89ee6c2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0xec40, dwReserved0=0x0, dwReserved1=0x0, cFileName="nio.dll", cAlternateFileName="")) returned 1 [0086.530] ResetEvent (hEvent=0x28c) returned 1 [0086.530] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.540] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89ee6c2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89ee6c2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89ee6c2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="npt.dll", cAlternateFileName="")) returned 1 [0086.540] ResetEvent (hEvent=0x28c) returned 1 [0086.540] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.584] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89ee6c2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89ee6c2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89ee6c2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4040, dwReserved0=0x0, dwReserved1=0x0, cFileName="orbd.exe", cAlternateFileName="")) returned 1 [0086.585] ResetEvent (hEvent=0x28c) returned 1 [0086.585] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.595] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89ee6c2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89ee6c2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89ee6c2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4040, dwReserved0=0x0, dwReserved1=0x0, cFileName="pack200.exe", cAlternateFileName="")) returned 1 [0086.595] ResetEvent (hEvent=0x28c) returned 1 [0086.595] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.767] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa89ee6c2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0f2a2bf, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa89ee6c2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="plugin2", cAlternateFileName="")) returned 1 [0086.767] GetProcessHeap () returned 0x4b0000 [0086.767] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4fe548 [0086.767] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\bin\\plugin2\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa89ee6c2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0f2a2bf, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa89ee6c2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0086.767] FindNextFileW (in: hFindFile=0x4c05bb0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa89ee6c2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0f2a2bf, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa89ee6c2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.767] FindNextFileW (in: hFindFile=0x4c05bb0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89ee6c2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89ee6c2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89ee6c2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0xca750, dwReserved0=0x0, dwReserved1=0x0, cFileName="msvcr100.dll", cAlternateFileName="")) returned 1 [0086.767] ResetEvent (hEvent=0x28c) returned 1 [0086.767] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.806] FindNextFileW (in: hFindFile=0x4c05bb0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89ee6c2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89ee6c2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89ee6c2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x39440, dwReserved0=0x0, dwReserved1=0x0, cFileName="npjp2.dll", cAlternateFileName="")) returned 1 [0086.807] FindNextFileW (in: hFindFile=0x4c05bb0, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89ee6c2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89ee6c2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89ee6c2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x39440, dwReserved0=0x0, dwReserved1=0x0, cFileName="npjp2.dll", cAlternateFileName="")) returned 0 [0086.807] FindClose (in: hFindFile=0x4c05bb0 | out: hFindFile=0x4c05bb0) returned 1 [0086.807] GetProcessHeap () returned 0x4b0000 [0086.807] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4fe548 | out: hHeap=0x4b0000) returned 1 [0086.807] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89ee6c2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89ee6c2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89ee6c2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4040, dwReserved0=0x0, dwReserved1=0x0, cFileName="policytool.exe", cAlternateFileName="POLICY~1.EXE")) returned 1 [0086.807] ResetEvent (hEvent=0x28c) returned 1 [0086.807] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.842] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89ee6c2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89ee6c2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa89ee6c2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0xe040, dwReserved0=0x0, dwReserved1=0x0, cFileName="prism_common.dll", cAlternateFileName="PRISM_~1.DLL")) returned 1 [0086.842] ResetEvent (hEvent=0x28c) returned 1 [0086.842] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.869] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa89ee6c2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa89ee6c2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8a148fe, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x1fe40, dwReserved0=0x0, dwReserved1=0x0, cFileName="prism_d3d.dll", cAlternateFileName="PRISM_~2.DLL")) returned 1 [0086.869] ResetEvent (hEvent=0x28c) returned 1 [0086.869] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0086.894] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8a148fe, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8a148fe, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8a148fe, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x17e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="prism_sw.dll", cAlternateFileName="")) returned 1 [0086.894] ResetEvent (hEvent=0x28c) returned 1 [0086.894] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0087.038] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8a148fe, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8a148fe, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8a148fe, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x3c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.dll", cAlternateFileName="")) returned 1 [0087.038] ResetEvent (hEvent=0x28c) returned 1 [0087.038] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0087.062] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8a148fe, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8a148fe, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8a148fe, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x3e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="rmid.exe", cAlternateFileName="")) returned 1 [0087.063] ResetEvent (hEvent=0x28c) returned 1 [0087.063] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0087.093] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8a148fe, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8a148fe, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8af971e, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4040, dwReserved0=0x0, dwReserved1=0x0, cFileName="rmiregistry.exe", cAlternateFileName="RMIREG~1.EXE")) returned 1 [0087.093] ResetEvent (hEvent=0x28c) returned 1 [0087.093] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0087.117] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8af971e, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0f2b6c0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xab35b530, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="server", cAlternateFileName="")) returned 1 [0087.117] GetProcessHeap () returned 0x4b0000 [0087.117] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4fe548 [0087.118] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\*", lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8af971e, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0f2b6c0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xab35b530, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06030 [0087.118] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8af971e, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0f2b6c0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xab35b530, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.118] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x21, ftCreationTime.dwLowDateTime=0xab35b530, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xab35b530, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xabaa88bc, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x11d0000, dwReserved0=0x0, dwReserved1=0x0, cFileName="classes.jsa", cAlternateFileName="")) returned 1 [0087.118] ResetEvent (hEvent=0x28c) returned 1 [0087.118] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0087.127] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b1f9e6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8b1f9e6, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8b1f9e6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x866c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="jvm.dll", cAlternateFileName="")) returned 1 [0087.128] ResetEvent (hEvent=0x28c) returned 1 [0087.128] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0087.141] ResetEvent (hEvent=0x28c) returned 1 [0087.141] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0087.168] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b1f9e6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8b1f9e6, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8b1f9e6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x58f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xusage.txt", cAlternateFileName="")) returned 1 [0087.168] ResetEvent (hEvent=0x28c) returned 1 [0087.168] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0087.178] FindNextFileW (in: hFindFile=0x4c06030, lpFindFileData=0xe1edc0 | out: lpFindFileData=0xe1edc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b1f9e6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8b1f9e6, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8b1f9e6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x58f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xusage.txt", cAlternateFileName="")) returned 0 [0087.178] FindClose (in: hFindFile=0x4c06030 | out: hFindFile=0x4c06030) returned 1 [0087.178] GetProcessHeap () returned 0x4b0000 [0087.178] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4fe548 | out: hHeap=0x4b0000) returned 1 [0087.178] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b45bd2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8b45bd2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8b45bd2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4040, dwReserved0=0x0, dwReserved1=0x0, cFileName="servertool.exe", cAlternateFileName="SERVER~1.EXE")) returned 1 [0087.178] ResetEvent (hEvent=0x28c) returned 1 [0087.178] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0087.194] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b45bd2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8b45bd2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8b45bd2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x32040, dwReserved0=0x0, dwReserved1=0x0, cFileName="splashscreen.dll", cAlternateFileName="SPLASH~1.DLL")) returned 1 [0087.194] ResetEvent (hEvent=0x28c) returned 1 [0087.194] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0087.265] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b45bd2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8b45bd2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8b45bd2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x8ba40, dwReserved0=0x0, dwReserved1=0x0, cFileName="ssv.dll", cAlternateFileName="")) returned 1 [0087.265] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b45bd2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8b45bd2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8b45bd2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="ssvagent.exe", cAlternateFileName="")) returned 1 [0087.266] ResetEvent (hEvent=0x28c) returned 1 [0087.266] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0087.370] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b45bd2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8b45bd2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8b45bd2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x21240, dwReserved0=0x0, dwReserved1=0x0, cFileName="sunec.dll", cAlternateFileName="")) returned 1 [0087.370] ResetEvent (hEvent=0x28c) returned 1 [0087.370] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0087.391] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b45bd2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8b45bd2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8b45bd2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x7c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="sunmscapi.dll", cAlternateFileName="SUNMSC~1.DLL")) returned 1 [0087.391] ResetEvent (hEvent=0x28c) returned 1 [0087.391] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0087.400] FindNextFileW (in: hFindFile=0x4c05db0, lpFindFileData=0xe1f050 | out: lpFindFileData=0xe1f050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b45bd2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8b45bd2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8b45bd2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x3e440, dwReserved0=0x0, dwReserved1=0x0, cFileName="t2k.dll", cAlternateFileName="")) returned 1 [0087.400] ResetEvent (hEvent=0x28c) returned 1 [0087.400] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) Thread: id = 15 os_tid = 0x4f0 [0052.839] GetProcessHeap () returned 0x4b0000 [0052.839] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x38) returned 0x4c2b10 [0052.839] GetProcessHeap () returned 0x4b0000 [0052.839] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x18) returned 0x4c0d20 [0052.839] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x274 [0052.839] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x278 [0052.839] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x27c [0052.839] GetProcessHeap () returned 0x4b0000 [0052.839] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ee540 [0052.840] GetProcessHeap () returned 0x4b0000 [0052.840] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x50) returned 0x4d0e70 [0052.840] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75e90000 [0052.840] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0052.840] Wow64DisableWow64FsRedirection (in: OldValue=0xe9f804 | out: OldValue=0xe9f804*=0x0) returned 1 [0052.840] GetProcessHeap () returned 0x4b0000 [0052.840] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d0e70 | out: hHeap=0x4b0000) returned 1 [0052.840] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1, lpStartAddress=0x4048ba, lpParameter=0xe9f808, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x280 [0052.851] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1, lpStartAddress=0x4048ba, lpParameter=0xe9f808, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x284 [0052.851] GetProcessHeap () returned 0x4b0000 [0052.851] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4fe548 [0052.852] FindFirstFileW (in: lpFileName="\\\\?\\C:\\*", lpFindFileData=0xe9f578 | out: lpFindFileData=0xe9f578*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9b28dcfd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4d0e7d, dwReserved1=0x75e90100, cFileName="$GetCurrent", cAlternateFileName="$GETCU~1")) returned 0x4c2950 [0052.852] GetProcessHeap () returned 0x4b0000 [0052.852] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x50e550 [0052.853] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\*", lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9b28dcfd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0052.857] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9b28dcfd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="..", cAlternateFileName="")) returned 1 [0052.857] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9c5a0a89, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Logs", cAlternateFileName="")) returned 1 [0052.857] GetProcessHeap () returned 0x4b0000 [0052.857] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53fc40 [0052.857] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9c5a0a89, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2e50 [0052.862] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9c5a0a89, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.862] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x542c8aac, ftLastAccessTime.dwHighDateTime=0x1d3273a, ftLastWriteTime.dwLowDateTime=0xafe5f7a, ftLastWriteTime.dwHighDateTime=0x1d3273e, nFileSizeHigh=0x0, nFileSizeLow=0xa6b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="downlevel_2017_09_07_02_02_39_766.log", cAlternateFileName="DOWNLE~1.LOG")) returned 1 [0052.862] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x973abb0f, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x980eecb6, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1774, dwReserved0=0x0, dwReserved1=0x0, cFileName="oobe_2017_09_07_03_08_57_737.log", cAlternateFileName="OOBE_2~1.LOG")) returned 1 [0052.863] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c5a0a89, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x9c5a0a89, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xbb3747bd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupCompleteResult.log", cAlternateFileName="PARTNE~1.LOG")) returned 1 [0052.863] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c5a0a89, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x9c5a0a89, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xbb3747bd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupCompleteResult.log", cAlternateFileName="PARTNE~1.LOG")) returned 0 [0052.863] FindClose (in: hFindFile=0x4c2e50 | out: hFindFile=0x4c2e50) returned 1 [0052.865] GetProcessHeap () returned 0x4b0000 [0052.865] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53fc40 | out: hHeap=0x4b0000) returned 1 [0052.865] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="SafeOS", cAlternateFileName="")) returned 1 [0052.866] GetProcessHeap () returned 0x4b0000 [0052.866] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53fc40 [0052.866] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0052.869] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.869] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9568f13f, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x9568f13f, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0xfb529700, ftLastWriteTime.dwHighDateTime=0x1d2fc76, nFileSizeHigh=0x0, nFileSizeLow=0x232c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetCurrentOOBE.dll", cAlternateFileName="GETCUR~1.DLL")) returned 1 [0052.869] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x956819aa, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x956819aa, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x980eecb6, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetCurrentRollback.ini", cAlternateFileName="GETCUR~1.INI")) returned 1 [0052.869] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x54acc791, ftLastAccessTime.dwHighDateTime=0x1d3273a, ftLastWriteTime.dwLowDateTime=0x54acc791, ftLastWriteTime.dwHighDateTime=0x1d3273a, nFileSizeHigh=0x0, nFileSizeLow=0x241, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupComplete.cmd", cAlternateFileName="PARTNE~1.CMD")) returned 1 [0052.869] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9575af11, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9577d1ec, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="preoobe.cmd", cAlternateFileName="")) returned 1 [0052.869] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x957833a7, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9578472e, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x133, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupComplete.cmd", cAlternateFileName="SETUPC~1.CMD")) returned 1 [0052.870] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x957833a7, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9578472e, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x133, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupComplete.cmd", cAlternateFileName="SETUPC~1.CMD")) returned 0 [0052.890] FindClose (in: hFindFile=0x4c2b90 | out: hFindFile=0x4c2b90) returned 1 [0052.891] GetProcessHeap () returned 0x4b0000 [0052.891] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53fc40 | out: hHeap=0x4b0000) returned 1 [0052.891] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="SafeOS", cAlternateFileName="")) returned 0 [0052.891] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0052.892] GetProcessHeap () returned 0x4b0000 [0052.892] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x50e550 | out: hHeap=0x4b0000) returned 1 [0052.892] FindNextFileW (in: hFindFile=0x4c2950, lpFindFileData=0xe9f578 | out: lpFindFileData=0xe9f578*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4d0e7d, dwReserved1=0x75e90100, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 1 [0052.893] GetProcessHeap () returned 0x4b0000 [0052.893] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x50e550 [0052.893] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\*", lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0052.894] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="..", cAlternateFileName="")) returned 1 [0052.894] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="S-1-5-18", cAlternateFileName="")) returned 1 [0052.894] GetProcessHeap () returned 0x4b0000 [0052.894] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0052.894] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-18\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2dd0 [0052.894] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.894] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.894] FindNextFileW (in: hFindFile=0x4c2dd0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xae73cae3, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0052.894] FindClose (in: hFindFile=0x4c2dd0 | out: hFindFile=0x4c2dd0) returned 1 [0052.895] GetProcessHeap () returned 0x4b0000 [0052.895] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0052.895] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0x11a5eef8, ftLastAccessTime.dwHighDateTime=0x1d3375b, ftLastWriteTime.dwLowDateTime=0x11a5eef8, ftLastWriteTime.dwHighDateTime=0x1d3375b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0052.895] GetProcessHeap () returned 0x4b0000 [0052.895] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0052.895] FindFirstFileW (in: lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0x11a5eef8, ftLastAccessTime.dwHighDateTime=0x1d3375b, ftLastWriteTime.dwLowDateTime=0x11a5eef8, ftLastWriteTime.dwHighDateTime=0x1d3375b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2e50 [0052.895] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0x11a5eef8, ftLastAccessTime.dwHighDateTime=0x1d3375b, ftLastWriteTime.dwLowDateTime=0x11a5eef8, ftLastWriteTime.dwHighDateTime=0x1d3375b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.895] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0xcb9438a8, ftLastAccessTime.dwHighDateTime=0x1d32714, ftLastWriteTime.dwLowDateTime=0xcb9438a8, ftLastWriteTime.dwHighDateTime=0x1d32714, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.896] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0xcb9438a8, ftLastAccessTime.dwHighDateTime=0x1d32714, ftLastWriteTime.dwLowDateTime=0xcb9438a8, ftLastWriteTime.dwHighDateTime=0x1d32714, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0052.896] FindClose (in: hFindFile=0x4c2e50 | out: hFindFile=0x4c2e50) returned 1 [0052.896] GetProcessHeap () returned 0x4b0000 [0052.896] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0052.896] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9438a8, ftCreationTime.dwHighDateTime=0x1d32714, ftLastAccessTime.dwLowDateTime=0x11a5eef8, ftLastAccessTime.dwHighDateTime=0x1d3375b, ftLastWriteTime.dwLowDateTime=0x11a5eef8, ftLastWriteTime.dwHighDateTime=0x1d3375b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0052.896] FindClose (in: hFindFile=0x4c2b90 | out: hFindFile=0x4c2b90) returned 1 [0052.896] GetProcessHeap () returned 0x4b0000 [0052.896] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x50e550 | out: hHeap=0x4b0000) returned 1 [0052.897] FindNextFileW (in: hFindFile=0x4c2950, lpFindFileData=0xe9f578 | out: lpFindFileData=0xe9f578*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x85776261, ftCreationTime.dwHighDateTime=0x1d3276f, ftLastAccessTime.dwLowDateTime=0x85776261, ftLastAccessTime.dwHighDateTime=0x1d3276f, ftLastWriteTime.dwLowDateTime=0x85776261, ftLastWriteTime.dwHighDateTime=0x1d3276f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4d0e7d, dwReserved1=0x75e90100, cFileName="$WINRE_BACKUP_PARTITION.MARKER", cAlternateFileName="$WINRE~1.MAR")) returned 1 [0052.897] FindNextFileW (in: hFindFile=0x4c2950, lpFindFileData=0xe9f578 | out: lpFindFileData=0xe9f578*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf39a4e7e, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf74cd515, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4d0e7d, dwReserved1=0x75e90100, cFileName="588bce7c90097ed212", cAlternateFileName="588BCE~1")) returned 1 [0052.897] GetProcessHeap () returned 0x4b0000 [0052.897] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x50e550 [0052.897] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*", lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf39a4e7e, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf74cd515, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName=".", cAlternateFileName="")) returned 0x4c2e50 [0052.898] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf39a4e7e, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf74cd515, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="..", cAlternateFileName="")) returned 1 [0052.898] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1025", cAlternateFileName="")) returned 1 [0052.898] GetProcessHeap () returned 0x4b0000 [0052.898] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0052.899] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0052.900] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.900] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x1d8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0052.900] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x121e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0052.900] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0052.900] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0052.900] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0052.901] GetProcessHeap () returned 0x4b0000 [0052.901] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0052.901] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1028", cAlternateFileName="")) returned 1 [0052.901] GetProcessHeap () returned 0x4b0000 [0052.902] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0052.902] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0052.904] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.904] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x18a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0052.904] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed90, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0052.904] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0052.904] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0052.904] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0052.905] GetProcessHeap () returned 0x4b0000 [0052.905] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0052.905] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1029", cAlternateFileName="")) returned 1 [0052.905] GetProcessHeap () returned 0x4b0000 [0052.905] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0052.905] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0052.907] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.907] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0052.907] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13c4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0052.907] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0052.907] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0052.908] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0052.908] GetProcessHeap () returned 0x4b0000 [0052.908] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0052.909] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1030", cAlternateFileName="")) returned 1 [0052.909] GetProcessHeap () returned 0x4b0000 [0052.909] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0052.909] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0052.911] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.911] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xcf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0052.911] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12fb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0052.911] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0052.911] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0052.911] FindClose (in: hFindFile=0x4c2b90 | out: hFindFile=0x4c2b90) returned 1 [0053.046] GetProcessHeap () returned 0x4b0000 [0053.046] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.046] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1031", cAlternateFileName="")) returned 1 [0053.047] GetProcessHeap () returned 0x4b0000 [0053.047] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.047] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2910 [0053.048] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.048] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xd5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.048] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x141aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.048] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.048] FindNextFileW (in: hFindFile=0x4c2910, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.048] FindClose (in: hFindFile=0x4c2910 | out: hFindFile=0x4c2910) returned 1 [0053.048] GetProcessHeap () returned 0x4b0000 [0053.048] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.048] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1032", cAlternateFileName="")) returned 1 [0053.048] GetProcessHeap () returned 0x4b0000 [0053.048] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.049] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.050] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.050] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x22ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.050] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1510c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.050] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.050] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.051] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.051] GetProcessHeap () returned 0x4b0000 [0053.051] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.051] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1033", cAlternateFileName="")) returned 1 [0053.051] GetProcessHeap () returned 0x4b0000 [0053.051] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.051] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.052] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.052] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd723cc00, ftCreationTime.dwHighDateTime=0x1cabb47, ftLastAccessTime.dwLowDateTime=0xd723cc00, ftLastAccessTime.dwHighDateTime=0x1cabb47, ftLastWriteTime.dwLowDateTime=0xd723cc00, ftLastWriteTime.dwHighDateTime=0x1cabb47, nFileSizeHigh=0x0, nFileSizeLow=0xc74, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.052] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x47ad1a00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x47ad1a00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x47ad1a00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12db0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.052] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.052] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.052] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.052] GetProcessHeap () returned 0x4b0000 [0053.053] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.053] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1035", cAlternateFileName="")) returned 1 [0053.053] GetProcessHeap () returned 0x4b0000 [0053.053] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.053] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.054] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.054] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe76, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.054] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12cde, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.054] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.054] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.054] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.054] GetProcessHeap () returned 0x4b0000 [0053.054] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.055] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1036", cAlternateFileName="")) returned 1 [0053.055] GetProcessHeap () returned 0x4b0000 [0053.055] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.055] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.055] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.056] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xdc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.056] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x14412, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.056] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.056] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.056] FindClose (in: hFindFile=0x4c2b90 | out: hFindFile=0x4c2b90) returned 1 [0053.056] GetProcessHeap () returned 0x4b0000 [0053.056] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.056] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1037", cAlternateFileName="")) returned 1 [0053.056] GetProcessHeap () returned 0x4b0000 [0053.056] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.057] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.057] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.057] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x1ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.057] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1198c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.057] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4158, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.057] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4158, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.057] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.057] GetProcessHeap () returned 0x4b0000 [0053.057] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.057] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1038", cAlternateFileName="")) returned 1 [0053.058] GetProcessHeap () returned 0x4b0000 [0053.058] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.058] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.058] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.058] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x109e, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.058] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x151aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.058] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.058] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.058] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.058] GetProcessHeap () returned 0x4b0000 [0053.058] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.059] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1040", cAlternateFileName="")) returned 1 [0053.059] GetProcessHeap () returned 0x4b0000 [0053.059] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.059] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.060] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.060] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.060] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x138bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.060] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.060] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.060] FindClose (in: hFindFile=0x4c2b90 | out: hFindFile=0x4c2b90) returned 1 [0053.060] GetProcessHeap () returned 0x4b0000 [0053.060] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.060] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1041", cAlternateFileName="")) returned 1 [0053.060] GetProcessHeap () returned 0x4b0000 [0053.060] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.061] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.061] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.061] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x278d, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.061] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x10a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.062] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.062] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.062] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.062] GetProcessHeap () returned 0x4b0000 [0053.062] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.062] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1042", cAlternateFileName="")) returned 1 [0053.062] GetProcessHeap () returned 0x4b0000 [0053.062] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.062] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c10 [0053.063] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.063] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x318f, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.063] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xfed6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.063] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.063] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.063] FindClose (in: hFindFile=0x4c2c10 | out: hFindFile=0x4c2c10) returned 1 [0053.063] GetProcessHeap () returned 0x4b0000 [0053.063] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.063] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1043", cAlternateFileName="")) returned 1 [0053.063] GetProcessHeap () returned 0x4b0000 [0053.063] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.064] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.064] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.064] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xdda, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.064] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13712, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.064] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.064] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.064] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.064] GetProcessHeap () returned 0x4b0000 [0053.064] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.065] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1044", cAlternateFileName="")) returned 1 [0053.065] GetProcessHeap () returned 0x4b0000 [0053.065] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.065] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.066] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.066] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xbe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.066] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x135c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.066] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.066] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.066] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.066] GetProcessHeap () returned 0x4b0000 [0053.066] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.067] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1045", cAlternateFileName="")) returned 1 [0053.067] GetProcessHeap () returned 0x4b0000 [0053.067] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.067] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.068] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.068] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xfc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.068] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x141c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.068] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.069] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.069] FindClose (in: hFindFile=0x4c2b90 | out: hFindFile=0x4c2b90) returned 1 [0053.069] GetProcessHeap () returned 0x4b0000 [0053.069] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.069] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1046", cAlternateFileName="")) returned 1 [0053.069] GetProcessHeap () returned 0x4b0000 [0053.069] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.069] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.070] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.070] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe63, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.070] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13b62, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.070] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.070] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.070] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.070] GetProcessHeap () returned 0x4b0000 [0053.070] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.071] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1049", cAlternateFileName="")) returned 1 [0053.071] GetProcessHeap () returned 0x4b0000 [0053.071] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.071] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.071] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.071] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xd4b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.071] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13e4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.072] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.072] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.072] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.072] GetProcessHeap () returned 0x4b0000 [0053.072] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.072] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1053", cAlternateFileName="")) returned 1 [0053.072] GetProcessHeap () returned 0x4b0000 [0053.072] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.072] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.073] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.073] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xf19, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.073] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12f70, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.073] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.073] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.073] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.073] GetProcessHeap () returned 0x4b0000 [0053.073] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.074] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="1055", cAlternateFileName="")) returned 1 [0053.074] GetProcessHeap () returned 0x4b0000 [0053.074] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.074] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.075] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.075] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xf13, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.075] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12c12, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.075] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.075] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.075] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.075] GetProcessHeap () returned 0x4b0000 [0053.075] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.075] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="2052", cAlternateFileName="")) returned 1 [0053.075] GetProcessHeap () returned 0x4b0000 [0053.075] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.076] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.076] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.076] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x16c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.076] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.076] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.076] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.076] FindClose (in: hFindFile=0x4c28d0 | out: hFindFile=0x4c28d0) returned 1 [0053.076] GetProcessHeap () returned 0x4b0000 [0053.076] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.077] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="2070", cAlternateFileName="")) returned 1 [0053.077] GetProcessHeap () returned 0x4b0000 [0053.077] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.077] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c90 [0053.077] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.077] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xfaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.077] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1397e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.077] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.077] FindNextFileW (in: hFindFile=0x4c2c90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.077] FindClose (in: hFindFile=0x4c2c90 | out: hFindFile=0x4c2c90) returned 1 [0053.078] GetProcessHeap () returned 0x4b0000 [0053.078] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.078] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="3076", cAlternateFileName="")) returned 1 [0053.078] GetProcessHeap () returned 0x4b0000 [0053.078] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.078] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c10 [0053.078] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.079] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x18a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.079] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed90, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.079] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.079] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.079] FindClose (in: hFindFile=0x4c2c10 | out: hFindFile=0x4c2c10) returned 1 [0053.079] GetProcessHeap () returned 0x4b0000 [0053.079] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.079] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="3082", cAlternateFileName="")) returned 1 [0053.079] GetProcessHeap () returned 0x4b0000 [0053.079] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.080] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c10 [0053.080] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37b4fe2, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.080] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xbfd, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0053.080] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1387c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="LOCALI~1.XML")) returned 1 [0053.080] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 1 [0053.080] FindNextFileW (in: hFindFile=0x4c2c10, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="SETUPR~1.DLL")) returned 0 [0053.080] FindClose (in: hFindFile=0x4c2c10 | out: hFindFile=0x4c2c10) returned 1 [0053.081] GetProcessHeap () returned 0x4b0000 [0053.081] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.081] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf3768b28, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Client", cAlternateFileName="")) returned 1 [0053.081] GetProcessHeap () returned 0x4b0000 [0053.081] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.081] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf3768b28, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.214] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf3768b28, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.214] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce2bc00, ftCreationTime.dwHighDateTime=0x1cac6d5, ftLastAccessTime.dwLowDateTime=0xce2bc00, ftLastAccessTime.dwHighDateTime=0x1cac6d5, ftLastWriteTime.dwLowDateTime=0xce2bc00, ftLastWriteTime.dwHighDateTime=0x1cac6d5, nFileSizeHigh=0x0, nFileSizeLow=0x31444, dwReserved0=0x0, dwReserved1=0x0, cFileName="Parameterinfo.xml", cAlternateFileName="PARAME~1.XML")) returned 1 [0053.214] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x9882, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 1 [0053.214] FindNextFileW (in: hFindFile=0x4c2c50, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x9882, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 0 [0053.214] FindClose (in: hFindFile=0x4c2c50 | out: hFindFile=0x4c2c50) returned 1 [0053.214] GetProcessHeap () returned 0x4b0000 [0053.214] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.215] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbc518d00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbc518d00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbc518d00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x3ef6, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="DHtmlHeader.html", cAlternateFileName="DHTMLH~1.HTM")) returned 1 [0053.215] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce333000, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xce333000, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xce333000, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x159d5, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="DisplayIcon.ico", cAlternateFileName="DISPLA~1.ICO")) returned 1 [0053.215] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf378ed8a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Extended", cAlternateFileName="")) returned 1 [0053.215] GetProcessHeap () returned 0x4b0000 [0053.215] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.215] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf378ed8a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2990 [0053.215] FindNextFileW (in: hFindFile=0x4c2990, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf378ed8a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf378ed8a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf378ed8a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.215] FindNextFileW (in: hFindFile=0x4c2990, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2a714f00, ftCreationTime.dwHighDateTime=0x1cac6f0, ftLastAccessTime.dwLowDateTime=0x2a714f00, ftLastAccessTime.dwHighDateTime=0x1cac6f0, ftLastWriteTime.dwLowDateTime=0x2a714f00, ftLastWriteTime.dwHighDateTime=0x1cac6f0, nFileSizeHigh=0x0, nFileSizeLow=0x16c82, dwReserved0=0x0, dwReserved1=0x0, cFileName="Parameterinfo.xml", cAlternateFileName="PARAME~1.XML")) returned 1 [0053.215] FindNextFileW (in: hFindFile=0x4c2990, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x988a, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 1 [0053.215] FindNextFileW (in: hFindFile=0x4c2990, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x988a, dwReserved0=0x0, dwReserved1=0x0, cFileName="UiInfo.xml", cAlternateFileName="")) returned 0 [0053.216] FindClose (in: hFindFile=0x4c2990 | out: hFindFile=0x4c2990) returned 1 [0053.216] GetProcessHeap () returned 0x4b0000 [0053.216] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.216] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf36f6419, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf371c69a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf371c69a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Graphics", cAlternateFileName="")) returned 1 [0053.216] GetProcessHeap () returned 0x4b0000 [0053.216] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.216] FindFirstFileW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf36f6419, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf371c69a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf371c69a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.217] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf36f6419, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf371c69a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf371c69a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.217] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Print.ico", cAlternateFileName="")) returned 1 [0053.217] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate1.ico", cAlternateFileName="")) returned 1 [0053.217] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate2.ico", cAlternateFileName="")) returned 1 [0053.217] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate3.ico", cAlternateFileName="")) returned 1 [0053.217] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate4.ico", cAlternateFileName="")) returned 1 [0053.217] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate5.ico", cAlternateFileName="")) returned 1 [0053.217] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate6.ico", cAlternateFileName="")) returned 1 [0053.217] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate7.ico", cAlternateFileName="")) returned 1 [0053.218] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rotate8.ico", cAlternateFileName="")) returned 1 [0053.218] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Save.ico", cAlternateFileName="")) returned 1 [0053.218] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x8f66, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.ico", cAlternateFileName="")) returned 1 [0053.218] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5b5e7f00, ftCreationTime.dwHighDateTime=0x1ca927c, ftLastAccessTime.dwLowDateTime=0x5b5e7f00, ftLastAccessTime.dwHighDateTime=0x1ca927c, ftLastWriteTime.dwLowDateTime=0x5b5e7f00, ftLastWriteTime.dwHighDateTime=0x1ca927c, nFileSizeHigh=0x0, nFileSizeLow=0x2796, dwReserved0=0x0, dwReserved1=0x0, cFileName="stop.ico", cAlternateFileName="")) returned 1 [0053.218] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SysReqMet.ico", cAlternateFileName="SYSREQ~1.ICO")) returned 1 [0053.218] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x47e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SysReqNotMet.ico", cAlternateFileName="SYSREQ~2.ICO")) returned 1 [0053.218] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x2796, dwReserved0=0x0, dwReserved1=0x0, cFileName="warn.ico", cAlternateFileName="")) returned 1 [0053.218] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd82ba00, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xbd82ba00, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xbd82ba00, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x2796, dwReserved0=0x0, dwReserved1=0x0, cFileName="warn.ico", cAlternateFileName="")) returned 0 [0053.218] FindClose (in: hFindFile=0x4c2b90 | out: hFindFile=0x4c2b90) returned 1 [0053.219] GetProcessHeap () returned 0x4b0000 [0053.219] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x53ec38 | out: hHeap=0x4b0000) returned 1 [0053.219] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x87910600, ftCreationTime.dwHighDateTime=0x1ca2a27, ftLastAccessTime.dwLowDateTime=0x87910600, ftLastAccessTime.dwHighDateTime=0x1ca2a27, ftLastWriteTime.dwLowDateTime=0x87910600, ftLastWriteTime.dwHighDateTime=0x1ca2a27, nFileSizeHigh=0x0, nFileSizeLow=0xe2c, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="header.bmp", cAlternateFileName="")) returned 1 [0053.219] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x66ea7e00, ftCreationTime.dwHighDateTime=0x1cac6e3, ftLastAccessTime.dwLowDateTime=0x66ea7e00, ftLastAccessTime.dwHighDateTime=0x1cac6e3, ftLastWriteTime.dwLowDateTime=0x66ea7e00, ftLastWriteTime.dwHighDateTime=0x1cac6e3, nFileSizeHigh=0x0, nFileSizeLow=0xad1384b, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="netfx_Core.mzz", cAlternateFileName="NETFX_~1.MZZ")) returned 1 [0053.219] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc183da00, ftCreationTime.dwHighDateTime=0x1cac6e3, ftLastAccessTime.dwLowDateTime=0xc183da00, ftLastAccessTime.dwHighDateTime=0x1cac6e3, ftLastWriteTime.dwLowDateTime=0xc183da00, ftLastWriteTime.dwHighDateTime=0x1cac6e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d0200, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="netfx_Core_x64.msi", cAlternateFileName="NETFX_~1.MSI")) returned 1 [0053.219] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4c130c00, ftCreationTime.dwHighDateTime=0x1cac6d9, ftLastAccessTime.dwLowDateTime=0x4c130c00, ftLastAccessTime.dwHighDateTime=0x1cac6d9, ftLastWriteTime.dwLowDateTime=0x4c130c00, ftLastWriteTime.dwHighDateTime=0x1cac6d9, nFileSizeHigh=0x0, nFileSizeLow=0x11c000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="netfx_Core_x86.msi", cAlternateFileName="NETFX_~2.MSI")) returned 1 [0053.219] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf74cd515, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf74cd515, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf7cd9415, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x29222c7, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="netfx_Extended.mzz", cAlternateFileName="NETFX_~2.MZZ")) returned 1 [0053.219] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2dbe0800, ftCreationTime.dwHighDateTime=0x1cac6fb, ftLastAccessTime.dwLowDateTime=0x2dbe0800, ftLastAccessTime.dwHighDateTime=0x1cac6fb, ftLastWriteTime.dwLowDateTime=0x2dbe0800, ftLastWriteTime.dwHighDateTime=0x1cac6fb, nFileSizeHigh=0x0, nFileSizeLow=0xd5000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="netfx_Extended_x64.msi", cAlternateFileName="NETFX_~3.MSI")) returned 1 [0053.219] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7626f700, ftCreationTime.dwHighDateTime=0x1cac6f6, ftLastAccessTime.dwLowDateTime=0x7626f700, ftLastAccessTime.dwHighDateTime=0x1cac6f6, ftLastWriteTime.dwLowDateTime=0x7626f700, ftLastWriteTime.dwHighDateTime=0x1cac6f6, nFileSizeHigh=0x0, nFileSizeLow=0x79000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="netfx_Extended_x86.msi", cAlternateFileName="NETFX_~4.MSI")) returned 1 [0053.220] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4a0f7400, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x4a0f7400, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x4a0f7400, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x426ae, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="ParameterInfo.xml", cAlternateFileName="PARAME~1.XML")) returned 1 [0053.220] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x19dedd00, ftCreationTime.dwHighDateTime=0x1ca2a1b, ftLastAccessTime.dwLowDateTime=0x19dedd00, ftLastAccessTime.dwHighDateTime=0x1ca2a1b, ftLastWriteTime.dwLowDateTime=0x19dedd00, ftLastWriteTime.dwHighDateTime=0x1ca2a1b, nFileSizeHigh=0x0, nFileSizeLow=0x2d200, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="RGB9RAST_x64.msi", cAlternateFileName="RGB9RA~1.MSI")) returned 1 [0053.220] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x177c8300, ftCreationTime.dwHighDateTime=0x1ca2a1b, ftLastAccessTime.dwLowDateTime=0x177c8300, ftLastAccessTime.dwHighDateTime=0x1ca2a1b, ftLastWriteTime.dwLowDateTime=0x177c8300, ftLastWriteTime.dwHighDateTime=0x1ca2a1b, nFileSizeHigh=0x0, nFileSizeLow=0x17200, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="RGB9Rast_x86.msi", cAlternateFileName="RGB9RA~2.MSI")) returned 1 [0053.220] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x13148, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Setup.exe", cAlternateFileName="")) returned 1 [0053.220] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0xc5158, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="SetupEngine.dll", cAlternateFileName="SETUPE~1.DLL")) returned 1 [0053.220] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x48150, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="SetupUi.dll", cAlternateFileName="")) returned 1 [0053.220] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5381000, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x5381000, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x5381000, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x75a8, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="SetupUi.xsd", cAlternateFileName="")) returned 1 [0053.220] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6519be00, ftCreationTime.dwHighDateTime=0x1cac6d5, ftLastAccessTime.dwLowDateTime=0x6519be00, ftLastAccessTime.dwHighDateTime=0x1cac6d5, ftLastWriteTime.dwLowDateTime=0x6519be00, ftLastWriteTime.dwHighDateTime=0x1cac6d5, nFileSizeHigh=0x0, nFileSizeLow=0x17758, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="SetupUtility.exe", cAlternateFileName="SETUPU~1.EXE")) returned 1 [0053.220] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce333000, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xce333000, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xce333000, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0xa078, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="SplashScreen.bmp", cAlternateFileName="SPLASH~1.BMP")) returned 1 [0053.220] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x143bc400, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0x143bc400, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0x143bc400, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x23420, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="sqmapi.dll", cAlternateFileName="")) returned 1 [0053.220] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce333000, ftCreationTime.dwHighDateTime=0x1ca2a28, ftLastAccessTime.dwLowDateTime=0xce333000, ftLastAccessTime.dwHighDateTime=0x1ca2a28, ftLastWriteTime.dwLowDateTime=0xce333000, ftLastWriteTime.dwHighDateTime=0x1ca2a28, nFileSizeHigh=0x0, nFileSizeLow=0x3704, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Strings.xml", cAlternateFileName="")) returned 1 [0053.220] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79a6a00, ftCreationTime.dwHighDateTime=0x1ca5de3, ftLastAccessTime.dwLowDateTime=0x79a6a00, ftLastAccessTime.dwHighDateTime=0x1ca5de3, ftLastWriteTime.dwLowDateTime=0x79a6a00, ftLastWriteTime.dwHighDateTime=0x1ca5de3, nFileSizeHigh=0x0, nFileSizeLow=0x97f2, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="UiInfo.xml", cAlternateFileName="")) returned 1 [0053.220] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x87910600, ftCreationTime.dwHighDateTime=0x1ca2a27, ftLastAccessTime.dwLowDateTime=0x87910600, ftLastAccessTime.dwHighDateTime=0x1ca2a27, ftLastWriteTime.dwLowDateTime=0x87910600, ftLastWriteTime.dwHighDateTime=0x1ca2a27, nFileSizeHigh=0x0, nFileSizeLow=0x19688, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="watermark.bmp", cAlternateFileName="WATERM~1.BMP")) returned 1 [0053.220] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2120bc00, ftCreationTime.dwHighDateTime=0x1cac6c9, ftLastAccessTime.dwLowDateTime=0x2120bc00, ftLastAccessTime.dwHighDateTime=0x1cac6c9, ftLastWriteTime.dwLowDateTime=0x2120bc00, ftLastWriteTime.dwHighDateTime=0x1cac6c9, nFileSizeHigh=0x0, nFileSizeLow=0x4f5113, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Windows6.0-KB956250-v6001-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 1 [0053.220] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1bbe7400, ftCreationTime.dwHighDateTime=0x1cac6bf, ftLastAccessTime.dwLowDateTime=0x1bbe7400, ftLastAccessTime.dwHighDateTime=0x1cac6bf, ftLastWriteTime.dwLowDateTime=0x1bbe7400, ftLastWriteTime.dwHighDateTime=0x1cac6bf, nFileSizeHigh=0x0, nFileSizeLow=0x217520, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Windows6.0-KB956250-v6001-x86.msu", cAlternateFileName="WINDOW~2.MSU")) returned 1 [0053.221] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5b8e5700, ftCreationTime.dwHighDateTime=0x1cac6d1, ftLastAccessTime.dwLowDateTime=0x5b8e5700, ftLastAccessTime.dwHighDateTime=0x1cac6d1, ftLastWriteTime.dwLowDateTime=0x5b8e5700, ftLastWriteTime.dwHighDateTime=0x1cac6d1, nFileSizeHigh=0x0, nFileSizeLow=0x4db1ce, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Windows6.1-KB958488-v6001-x64.msu", cAlternateFileName="WINDOW~3.MSU")) returned 1 [0053.221] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0ac5d00, ftCreationTime.dwHighDateTime=0x1cac6ce, ftLastAccessTime.dwLowDateTime=0xd0ac5d00, ftLastAccessTime.dwHighDateTime=0x1cac6ce, ftLastWriteTime.dwLowDateTime=0xd0ac5d00, ftLastWriteTime.dwHighDateTime=0x1cac6ce, nFileSizeHigh=0x0, nFileSizeLow=0x20acf9, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Windows6.1-KB958488-v6001-x86.msu", cAlternateFileName="WINDOW~4.MSU")) returned 1 [0053.221] FindNextFileW (in: hFindFile=0x4c2e50, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0ac5d00, ftCreationTime.dwHighDateTime=0x1cac6ce, ftLastAccessTime.dwLowDateTime=0xd0ac5d00, ftLastAccessTime.dwHighDateTime=0x1cac6ce, ftLastWriteTime.dwLowDateTime=0xd0ac5d00, ftLastWriteTime.dwHighDateTime=0x1cac6ce, nFileSizeHigh=0x0, nFileSizeLow=0x20acf9, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="Windows6.1-KB958488-v6001-x86.msu", cAlternateFileName="WINDOW~4.MSU")) returned 0 [0053.221] FindClose (in: hFindFile=0x4c2e50 | out: hFindFile=0x4c2e50) returned 1 [0053.221] GetProcessHeap () returned 0x4b0000 [0053.221] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x50e550 | out: hHeap=0x4b0000) returned 1 [0053.221] FindNextFileW (in: hFindFile=0x4c2950, lpFindFileData=0xe9f578 | out: lpFindFileData=0xe9f578*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6fa258, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6fa258, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4d0e7d, dwReserved1=0x75e90100, cFileName="Boot", cAlternateFileName="")) returned 1 [0053.221] GetProcessHeap () returned 0x4b0000 [0053.221] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x50e550 [0053.222] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\*", lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef9d311c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef9d311c, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.473] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef9d311c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef9d311c, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="..", cAlternateFileName="")) returned 1 [0053.473] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc4c800b6, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xac3efa99, ftLastAccessTime.dwHighDateTime=0x1d4d5d3, ftLastWriteTime.dwLowDateTime=0xac3efa99, ftLastWriteTime.dwHighDateTime=0x1d4d5d3, nFileSizeHigh=0x0, nFileSizeLow=0xb000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="BCD", cAlternateFileName="")) returned 1 [0053.473] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc4c800b6, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4c800b6, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4c800b6, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0053.473] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc4c800b6, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4c800b6, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4c800b6, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0053.474] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc4c800b6, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4c800b6, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4c800b6, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0053.474] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47bb525, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc47bb525, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="bg-BG", cAlternateFileName="")) returned 1 [0053.474] GetProcessHeap () returned 0x4b0000 [0053.474] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.474] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\bg-BG\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47bb525, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc47bb525, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.474] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47952ba, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47bb525, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc47bb525, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.474] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc47bb525, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47bb525, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x210bba74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.474] FindNextFileW (in: hFindFile=0x4c2b90, lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc47bb525, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc47bb525, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0x210bba74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0053.475] FindClose (in: hFindFile=0x4c2b90 | out: hFindFile=0x4c2b90) returned 1 [0053.475] GetProcessHeap () returned 0x4b0000 [0053.475] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.475] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef4e6d79, ftCreationTime.dwHighDateTime=0x1d3273d, ftLastAccessTime.dwLowDateTime=0xef4e6d79, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2d79a60, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x175a0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="bootspaces.dll", cAlternateFileName="BOOTSP~1.DLL")) returned 1 [0053.475] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc498516b, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xef703e94, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0053.475] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc47bb525, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef4fcd12, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xf2d79a60, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x185a0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="bootvhd.dll", cAlternateFileName="")) returned 1 [0053.475] FindNextFileW (in: hFindFile=0x4c28d0, lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47bb525, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef511a4c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef511a4c, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0053.475] GetProcessHeap () returned 0x4b0000 [0053.475] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.475] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47bb525, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef511a4c, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef511a4c, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.475] GetProcessHeap () returned 0x4b0000 [0053.475] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.475] GetProcessHeap () returned 0x4b0000 [0053.475] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.475] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\da-DK\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47e189c, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0008dbb, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5252b3, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c90 [0053.475] GetProcessHeap () returned 0x4b0000 [0053.475] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.475] GetProcessHeap () returned 0x4b0000 [0053.476] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.476] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\de-DE\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48079da, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0009692, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef538bee, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.476] GetProcessHeap () returned 0x4b0000 [0053.476] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.476] GetProcessHeap () returned 0x4b0000 [0053.476] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.476] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\el-GR\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef555ff8, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef555ff8, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.476] GetProcessHeap () returned 0x4b0000 [0053.476] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.476] GetProcessHeap () returned 0x4b0000 [0053.476] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.476] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\en-GB\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc482dc87, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc482dc87, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.476] GetProcessHeap () returned 0x4b0000 [0053.476] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.476] GetProcessHeap () returned 0x4b0000 [0053.476] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.476] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\en-US\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc482dc87, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef57d0f5, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef57d0f5, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.476] GetProcessHeap () returned 0x4b0000 [0053.476] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.476] GetProcessHeap () returned 0x4b0000 [0053.476] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.476] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\es-ES\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa000b9ad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef586d37, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.477] GetProcessHeap () returned 0x4b0000 [0053.477] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.477] GetProcessHeap () returned 0x4b0000 [0053.477] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.477] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\es-MX\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4853f40, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa000c12e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc4853f40, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2dd0 [0053.477] GetProcessHeap () returned 0x4b0000 [0053.477] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.477] GetProcessHeap () returned 0x4b0000 [0053.477] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.477] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\et-EE\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc487a0b9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc487a0b9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.477] GetProcessHeap () returned 0x4b0000 [0053.477] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.477] GetProcessHeap () returned 0x4b0000 [0053.477] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.477] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fi-FI\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa000cf3a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef59a5b1, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.477] GetProcessHeap () returned 0x4b0000 [0053.477] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.477] GetProcessHeap () returned 0x4b0000 [0053.477] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.477] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Fonts\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc49ab3c7, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0109451, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef999ae4, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.479] GetProcessHeap () returned 0x4b0000 [0053.479] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.479] GetProcessHeap () returned 0x4b0000 [0053.479] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.479] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fr-CA\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc487a0b9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48a0490, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.479] GetProcessHeap () returned 0x4b0000 [0053.479] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.479] GetProcessHeap () returned 0x4b0000 [0053.479] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.479] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fr-FR\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010bc12, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5ade2b, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.479] GetProcessHeap () returned 0x4b0000 [0053.479] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.479] GetProcessHeap () returned 0x4b0000 [0053.479] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.479] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\hr-HR\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48a0490, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48a0490, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.480] GetProcessHeap () returned 0x4b0000 [0053.480] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.480] GetProcessHeap () returned 0x4b0000 [0053.480] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.480] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\hu-HU\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010c5ad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5c171b, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2cd0 [0053.480] GetProcessHeap () returned 0x4b0000 [0053.480] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.480] GetProcessHeap () returned 0x4b0000 [0053.480] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.480] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\it-IT\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48a0490, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010ccad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5d8ab4, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.481] GetProcessHeap () returned 0x4b0000 [0053.481] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.481] GetProcessHeap () returned 0x4b0000 [0053.481] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.481] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ja-JP\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010d0c0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef5ed6c6, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c90 [0053.481] GetProcessHeap () returned 0x4b0000 [0053.481] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.482] GetProcessHeap () returned 0x4b0000 [0053.482] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.482] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ko-KR\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48c6596, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef5fc210, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef5fc210, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.482] GetProcessHeap () returned 0x4b0000 [0053.482] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.482] GetProcessHeap () returned 0x4b0000 [0053.482] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.482] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\lt-LT\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48ec805, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.483] GetProcessHeap () returned 0x4b0000 [0053.483] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.483] GetProcessHeap () returned 0x4b0000 [0053.483] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.483] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\lv-LV\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc48ec805, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc48ec805, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc48ec805, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.483] GetProcessHeap () returned 0x4b0000 [0053.483] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.483] GetProcessHeap () returned 0x4b0000 [0053.483] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.483] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nb-NO\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010e138, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef62cf52, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2bd0 [0053.484] GetProcessHeap () returned 0x4b0000 [0053.484] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.484] GetProcessHeap () returned 0x4b0000 [0053.484] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.484] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nl-NL\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010e4fa, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6407cf, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c10 [0053.484] GetProcessHeap () returned 0x4b0000 [0053.484] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.484] GetProcessHeap () returned 0x4b0000 [0053.484] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.484] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pl-PL\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef65403a, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef65403a, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.485] GetProcessHeap () returned 0x4b0000 [0053.485] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.485] GetProcessHeap () returned 0x4b0000 [0053.485] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.485] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-BR\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4912aed, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6678d6, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6678d6, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2dd0 [0053.486] GetProcessHeap () returned 0x4b0000 [0053.486] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.486] GetProcessHeap () returned 0x4b0000 [0053.486] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.486] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-PT\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010f167, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6714dc, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2e50 [0053.487] GetProcessHeap () returned 0x4b0000 [0053.487] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.487] GetProcessHeap () returned 0x4b0000 [0053.487] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.487] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\qps-ploc\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa010f640, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef684d85, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2e50 [0053.487] GetProcessHeap () returned 0x4b0000 [0053.487] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.487] GetProcessHeap () returned 0x4b0000 [0053.487] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.487] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Resources\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01ab61e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef9abff9, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.488] GetProcessHeap () returned 0x4b0000 [0053.488] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bb0070 [0053.488] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Resources\\en-US\\*", lpFindFileData=0xe9edc8 | out: lpFindFileData=0xe9edc8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c33ce4, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01ac01e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef9baa67, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c10 [0053.488] GetProcessHeap () returned 0x4b0000 [0053.488] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bb0070 | out: hHeap=0x4b0000) returned 1 [0053.489] GetProcessHeap () returned 0x4b0000 [0053.489] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.489] GetProcessHeap () returned 0x4b0000 [0053.489] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.490] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ro-RO\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4938cb0, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2e50 [0053.491] GetProcessHeap () returned 0x4b0000 [0053.491] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.491] GetProcessHeap () returned 0x4b0000 [0053.491] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.491] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ru-RU\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef698608, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef698608, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c10 [0053.491] GetProcessHeap () returned 0x4b0000 [0053.491] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.491] GetProcessHeap () returned 0x4b0000 [0053.491] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.491] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sk-SK\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc4938cb0, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc4938cb0, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2bd0 [0053.492] GetProcessHeap () returned 0x4b0000 [0053.492] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.492] GetProcessHeap () returned 0x4b0000 [0053.492] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.492] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sl-SI\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4938cb0, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2dd0 [0053.492] GetProcessHeap () returned 0x4b0000 [0053.492] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.492] GetProcessHeap () returned 0x4b0000 [0053.492] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.492] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sr-Latn-CS\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0x5168548b, ftLastAccessTime.dwHighDateTime=0x1d3271b, ftLastWriteTime.dwLowDateTime=0x5168548b, ftLastWriteTime.dwHighDateTime=0x1d3271b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.493] GetProcessHeap () returned 0x4b0000 [0053.493] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.493] GetProcessHeap () returned 0x4b0000 [0053.493] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.493] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sr-Latn-RS\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xc495eef9, ftLastAccessTime.dwHighDateTime=0x1d32764, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.493] GetProcessHeap () returned 0x4b0000 [0053.493] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.493] GetProcessHeap () returned 0x4b0000 [0053.493] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.493] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sv-SE\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa01adf43, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6a2250, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.494] GetProcessHeap () returned 0x4b0000 [0053.494] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.494] GetProcessHeap () returned 0x4b0000 [0053.494] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.494] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\tr-TR\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0206504, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6b5aca, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.494] GetProcessHeap () returned 0x4b0000 [0053.494] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.494] GetProcessHeap () returned 0x4b0000 [0053.494] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.494] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\uk-UA\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc495eef9, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0206a30, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc495eef9, ftLastWriteTime.dwHighDateTime=0x1d32764, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.495] GetProcessHeap () returned 0x4b0000 [0053.495] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.495] GetProcessHeap () returned 0x4b0000 [0053.495] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.495] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-CN\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0207100, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xef6d7e9a, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.496] GetProcessHeap () returned 0x4b0000 [0053.496] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.496] GetProcessHeap () returned 0x4b0000 [0053.496] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.496] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-HK\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xa0207675, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x518ea25e, ftLastWriteTime.dwHighDateTime=0x1d3271b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.496] GetProcessHeap () returned 0x4b0000 [0053.496] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.496] GetProcessHeap () returned 0x4b0000 [0053.496] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba0068 [0053.496] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-TW\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc498516b, ftCreationTime.dwHighDateTime=0x1d32764, ftLastAccessTime.dwLowDateTime=0xef6e6901, ftLastAccessTime.dwHighDateTime=0x1d3273d, ftLastWriteTime.dwLowDateTime=0xef6e6901, ftLastWriteTime.dwHighDateTime=0x1d3273d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.497] GetProcessHeap () returned 0x4b0000 [0053.497] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba0068 | out: hHeap=0x4b0000) returned 1 [0053.497] GetProcessHeap () returned 0x4b0000 [0053.497] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x50e550 | out: hHeap=0x4b0000) returned 1 [0053.498] GetProcessHeap () returned 0x4b0000 [0053.498] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x50e550 [0053.498] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ESD\\*", lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c2b2eaf, ftCreationTime.dwHighDateTime=0x1d32718, ftLastAccessTime.dwLowDateTime=0xc1969407, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc1969407, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.678] GetProcessHeap () returned 0x4b0000 [0053.678] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x50e550 | out: hHeap=0x4b0000) returned 1 [0053.678] GetProcessHeap () returned 0x4b0000 [0053.678] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x50e550 [0053.678] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Logs\\*", lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdf1d773, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa03727f1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xfd9ec80, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.691] GetProcessHeap () returned 0x4b0000 [0053.691] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x50e550 | out: hHeap=0x4b0000) returned 1 [0053.691] GetProcessHeap () returned 0x4b0000 [0053.691] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x50e550 [0053.691] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\*", lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa03748ae, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17b3dd09, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.692] GetProcessHeap () returned 0x4b0000 [0053.692] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x50e550 | out: hHeap=0x4b0000) returned 1 [0053.692] GetProcessHeap () returned 0x4b0000 [0053.692] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x50e550 [0053.692] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\*", lpFindFileData=0xe9f2e8 | out: lpFindFileData=0xe9f2e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x7563b133, ftLastAccessTime.dwHighDateTime=0x1d591b7, ftLastWriteTime.dwLowDateTime=0x7563b133, ftLastWriteTime.dwHighDateTime=0x1d591b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x240010, dwReserved1=0x450047, cFileName=".", cAlternateFileName="")) returned 0x4c2d10 [0053.692] GetProcessHeap () returned 0x4b0000 [0053.692] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0053.692] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x7173d5c8, ftLastAccessTime.dwHighDateTime=0x1d591b7, ftLastWriteTime.dwLowDateTime=0x7173d5c8, ftLastWriteTime.dwHighDateTime=0x1d591b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c28d0 [0053.692] GetProcessHeap () returned 0x4b0000 [0053.692] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bb2080 [0053.692] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\DESIGNER\\*", lpFindFileData=0xe9edc8 | out: lpFindFileData=0xe9edc8*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0x4aab75fe, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0xa0417b85, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x4aadd873, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.693] GetProcessHeap () returned 0x4b0000 [0053.693] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bb2080 | out: hHeap=0x4b0000) returned 1 [0053.694] GetProcessHeap () returned 0x4b0000 [0053.694] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bb2080 [0053.694] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\*", lpFindFileData=0xe9edc8 | out: lpFindFileData=0xe9edc8*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa04663f2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x4accd6e1, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2b90 [0053.694] GetProcessHeap () returned 0x4b0000 [0053.694] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc3090 [0053.694] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbf6c42af, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x81028f76, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x81028f76, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2dd0 [0053.695] GetProcessHeap () returned 0x4b0000 [0053.695] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc3090 | out: hHeap=0x4b0000) returned 1 [0053.695] GetProcessHeap () returned 0x4b0000 [0053.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc3090 [0053.695] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b3dd09, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xb3e1c92c, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xb3e1c92c, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c10 [0053.696] GetProcessHeap () returned 0x4b0000 [0053.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0053.697] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\ar-SA\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa05532b6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.697] GetProcessHeap () returned 0x4b0000 [0053.697] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0053.698] GetProcessHeap () returned 0x4b0000 [0053.698] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0053.698] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\bg-BG\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0553f37, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2cd0 [0053.698] GetProcessHeap () returned 0x4b0000 [0053.698] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0053.698] GetProcessHeap () returned 0x4b0000 [0053.698] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0053.698] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\cs-CZ\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0554b83, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2dd0 [0053.698] GetProcessHeap () returned 0x4b0000 [0053.698] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0053.698] GetProcessHeap () returned 0x4b0000 [0053.698] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0053.698] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\da-DK\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa05550d5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.699] GetProcessHeap () returned 0x4b0000 [0053.699] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0053.699] GetProcessHeap () returned 0x4b0000 [0053.699] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0053.699] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\de-DE\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0555b2c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.699] GetProcessHeap () returned 0x4b0000 [0053.699] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0053.699] GetProcessHeap () returned 0x4b0000 [0053.699] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0053.699] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\el-GR\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa055662c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.700] GetProcessHeap () returned 0x4b0000 [0053.700] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0053.700] GetProcessHeap () returned 0x4b0000 [0053.700] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0053.700] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-GB\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0557085, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.700] GetProcessHeap () returned 0x4b0000 [0053.700] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0053.700] GetProcessHeap () returned 0x4b0000 [0053.700] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0053.700] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\en-US\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa05dd09d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe8231541, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.702] GetProcessHeap () returned 0x4b0000 [0053.702] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0053.702] GetProcessHeap () returned 0x4b0000 [0053.702] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0053.702] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\es-ES\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa05ddf5c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.703] GetProcessHeap () returned 0x4b0000 [0053.703] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0053.703] GetProcessHeap () returned 0x4b0000 [0053.703] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0053.703] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\es-MX\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa05dea14, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.703] GetProcessHeap () returned 0x4b0000 [0053.703] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0053.703] GetProcessHeap () returned 0x4b0000 [0053.703] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0053.703] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\et-EE\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa05df011, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.704] GetProcessHeap () returned 0x4b0000 [0053.704] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0053.704] GetProcessHeap () returned 0x4b0000 [0053.704] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0053.704] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fi-FI\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa05df7b6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.704] GetProcessHeap () returned 0x4b0000 [0053.704] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0053.704] GetProcessHeap () returned 0x4b0000 [0053.704] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0053.704] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fr-CA\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0635c03, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.705] GetProcessHeap () returned 0x4b0000 [0053.705] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0053.705] GetProcessHeap () returned 0x4b0000 [0053.705] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0053.705] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fr-FR\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06369df, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a32dfff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.705] GetProcessHeap () returned 0x4b0000 [0053.705] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0053.705] GetProcessHeap () returned 0x4b0000 [0053.705] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bd40a0 [0053.705] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0637839, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a354279, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2cd0 [0053.707] GetProcessHeap () returned 0x4b0000 [0053.707] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be50b0 [0053.708] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0638633, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a354279, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.708] GetProcessHeap () returned 0x4b0000 [0053.708] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be50b0 | out: hHeap=0x4b0000) returned 1 [0053.708] GetProcessHeap () returned 0x4b0000 [0053.708] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be50b0 [0053.708] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\insert\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0638c00, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a354279, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.712] GetProcessHeap () returned 0x4b0000 [0053.712] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be50b0 | out: hHeap=0x4b0000) returned 1 [0053.712] GetProcessHeap () returned 0x4b0000 [0053.712] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be50b0 [0053.712] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\keypad\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa063932e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a354279, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.712] GetProcessHeap () returned 0x4b0000 [0053.712] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be50b0 | out: hHeap=0x4b0000) returned 1 [0053.712] GetProcessHeap () returned 0x4b0000 [0053.712] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be50b0 [0053.712] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\main\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06cd023, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a37a4cb, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2dd0 [0053.714] GetProcessHeap () returned 0x4b0000 [0053.714] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be50b0 | out: hHeap=0x4b0000) returned 1 [0053.714] GetProcessHeap () returned 0x4b0000 [0053.714] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be50b0 [0053.714] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\oskclearui\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06cdb88, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a37a4cb, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.715] GetProcessHeap () returned 0x4b0000 [0053.715] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be50b0 | out: hHeap=0x4b0000) returned 1 [0053.715] GetProcessHeap () returned 0x4b0000 [0053.715] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be50b0 [0053.715] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\oskmenu\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06ce328, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a37a4cb, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.715] GetProcessHeap () returned 0x4b0000 [0053.715] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be50b0 | out: hHeap=0x4b0000) returned 1 [0053.715] GetProcessHeap () returned 0x4b0000 [0053.715] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be50b0 [0053.715] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\osknav\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06ce7a1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a37a4cb, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.716] GetProcessHeap () returned 0x4b0000 [0053.716] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be50b0 | out: hHeap=0x4b0000) returned 1 [0053.716] GetProcessHeap () returned 0x4b0000 [0053.716] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be50b0 [0053.716] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\osknumpad\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06ceb7f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a37a4cb, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.716] GetProcessHeap () returned 0x4b0000 [0053.716] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be50b0 | out: hHeap=0x4b0000) returned 1 [0053.716] GetProcessHeap () returned 0x4b0000 [0053.716] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be50b0 [0053.716] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\oskpred\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06cef41, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a37a4cb, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2c50 [0053.716] GetProcessHeap () returned 0x4b0000 [0053.716] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be50b0 | out: hHeap=0x4b0000) returned 1 [0053.716] GetProcessHeap () returned 0x4b0000 [0053.716] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be50b0 [0053.716] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\fsdefinitions\\symbols\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06cf371, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c2dd0 [0053.973] GetProcessHeap () returned 0x4b0000 [0053.973] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be50b0 | out: hHeap=0x4b0000) returned 1 [0053.973] GetProcessHeap () returned 0x4b0000 [0053.973] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bd40a0 | out: hHeap=0x4b0000) returned 1 [0054.758] GetProcessHeap () returned 0x4b0000 [0054.769] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.771] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\he-IL\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b63f64, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06cf9a3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0054.783] GetProcessHeap () returned 0x4b0000 [0054.789] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.789] GetProcessHeap () returned 0x4b0000 [0054.789] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.789] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\hr-HR\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06cfce2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0054.795] GetProcessHeap () returned 0x4b0000 [0054.795] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.796] GetProcessHeap () returned 0x4b0000 [0054.796] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.796] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\hu-HU\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa06d0656, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0054.796] GetProcessHeap () returned 0x4b0000 [0054.796] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.796] GetProcessHeap () returned 0x4b0000 [0054.796] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.796] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\HWRCustomization\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6eba2ec1, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0xa07693a9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x6eba2ec1, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0054.796] GetProcessHeap () returned 0x4b0000 [0054.796] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.796] GetProcessHeap () returned 0x4b0000 [0054.796] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.796] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\it-IT\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0769b1e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06070 [0054.796] GetProcessHeap () returned 0x4b0000 [0054.796] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.796] GetProcessHeap () returned 0x4b0000 [0054.796] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.796] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\ja-JP\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa076a026, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0054.797] GetProcessHeap () returned 0x4b0000 [0054.797] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.797] GetProcessHeap () returned 0x4b0000 [0054.797] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.797] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\ko-KR\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa076a7a6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c70 [0054.797] GetProcessHeap () returned 0x4b0000 [0054.797] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.797] GetProcessHeap () returned 0x4b0000 [0054.797] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.797] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\LanguageModel\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa076afd8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0054.797] GetProcessHeap () returned 0x4b0000 [0054.797] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.797] GetProcessHeap () returned 0x4b0000 [0054.797] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.797] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\lt-LT\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa076b52b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bf0 [0054.797] GetProcessHeap () returned 0x4b0000 [0054.797] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.797] GetProcessHeap () returned 0x4b0000 [0054.797] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.797] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\lv-LV\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa076ba6e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0054.797] GetProcessHeap () returned 0x4b0000 [0054.798] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.798] GetProcessHeap () returned 0x4b0000 [0054.798] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.798] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\nb-NO\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa076bff5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3a0736, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0054.798] GetProcessHeap () returned 0x4b0000 [0054.798] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.798] GetProcessHeap () returned 0x4b0000 [0054.798] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.798] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\nl-NL\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa076c75d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c059f0 [0054.798] GetProcessHeap () returned 0x4b0000 [0054.798] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.798] GetProcessHeap () returned 0x4b0000 [0054.798] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.798] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\pl-PL\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa080d57c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0054.798] GetProcessHeap () returned 0x4b0000 [0054.798] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.798] GetProcessHeap () returned 0x4b0000 [0054.798] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.798] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\pt-BR\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa080d988, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c059f0 [0054.798] GetProcessHeap () returned 0x4b0000 [0054.798] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.799] GetProcessHeap () returned 0x4b0000 [0054.799] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.799] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\pt-PT\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa080ddb8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06070 [0054.799] GetProcessHeap () returned 0x4b0000 [0054.799] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.799] GetProcessHeap () returned 0x4b0000 [0054.799] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.799] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\ro-RO\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa080e0f5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06070 [0054.799] GetProcessHeap () returned 0x4b0000 [0054.799] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.799] GetProcessHeap () returned 0x4b0000 [0054.799] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.799] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\ru-RU\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa080e4d1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06030 [0054.800] GetProcessHeap () returned 0x4b0000 [0054.800] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.800] GetProcessHeap () returned 0x4b0000 [0054.800] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\sk-SK\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa080e8a3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cb0 [0054.800] GetProcessHeap () returned 0x4b0000 [0054.800] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.800] GetProcessHeap () returned 0x4b0000 [0054.800] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\sl-SI\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa080ec25, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0054.800] GetProcessHeap () returned 0x4b0000 [0054.800] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.800] GetProcessHeap () returned 0x4b0000 [0054.800] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\sr-Latn-RS\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa08c7ae2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0054.800] GetProcessHeap () returned 0x4b0000 [0054.800] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.800] GetProcessHeap () returned 0x4b0000 [0054.800] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\sv-SE\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa08c820e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0054.800] GetProcessHeap () returned 0x4b0000 [0054.801] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.801] GetProcessHeap () returned 0x4b0000 [0054.801] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.801] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\th-TH\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa08c8602, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0054.801] GetProcessHeap () returned 0x4b0000 [0054.801] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.801] GetProcessHeap () returned 0x4b0000 [0054.801] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.801] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\tr-TR\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa08c896f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0054.801] GetProcessHeap () returned 0x4b0000 [0054.801] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.801] GetProcessHeap () returned 0x4b0000 [0054.801] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.801] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\uk-UA\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa08c8ed8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3c699c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0054.801] GetProcessHeap () returned 0x4b0000 [0054.801] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.801] GetProcessHeap () returned 0x4b0000 [0054.801] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.801] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\zh-CN\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa08c93df, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3ecc0a, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b30 [0054.801] GetProcessHeap () returned 0x4b0000 [0054.801] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.802] GetProcessHeap () returned 0x4b0000 [0054.802] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.802] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\ink\\zh-TW\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa08c97fd, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a3ecc0a, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0054.802] GetProcessHeap () returned 0x4b0000 [0054.802] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.802] GetProcessHeap () returned 0x4b0000 [0054.802] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc3090 | out: hHeap=0x4b0000) returned 1 [0054.803] GetProcessHeap () returned 0x4b0000 [0054.803] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc3090 [0054.803] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\MSInfo\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa098a4c6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x71143a45, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0054.803] GetProcessHeap () returned 0x4b0000 [0054.803] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.804] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\MSInfo\\en-US\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa098aa4a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0054.804] GetProcessHeap () returned 0x4b0000 [0054.804] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.804] GetProcessHeap () returned 0x4b0000 [0054.804] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc3090 | out: hHeap=0x4b0000) returned 1 [0054.805] GetProcessHeap () returned 0x4b0000 [0054.805] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc3090 [0054.805] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd99442a7, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xd9f60362, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd9f60362, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0054.805] GetProcessHeap () returned 0x4b0000 [0054.806] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.806] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Office Setup Controller\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0xd9f60362, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xa0a26299, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xda982389, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0054.808] GetProcessHeap () returned 0x4b0000 [0054.808] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.808] GetProcessHeap () returned 0x4b0000 [0054.808] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc3090 | out: hHeap=0x4b0000) returned 1 [0054.809] GetProcessHeap () returned 0x4b0000 [0054.809] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc3090 [0054.810] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\OfficeSoftwareProtectionPlatform\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd99442a7, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xd99442a7, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd99442a7, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0054.810] GetProcessHeap () returned 0x4b0000 [0054.810] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc3090 | out: hHeap=0x4b0000) returned 1 [0054.810] GetProcessHeap () returned 0x4b0000 [0054.810] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc3090 [0054.810] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\Source Engine\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4accd6e1, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x4accd6e1, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x4accd6e1, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06030 [0054.811] GetProcessHeap () returned 0x4b0000 [0054.811] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc3090 | out: hHeap=0x4b0000) returned 1 [0054.811] GetProcessHeap () returned 0x4b0000 [0054.811] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc3090 [0054.811] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\Stationery\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17b8a1d2, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0b5538f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a412e70, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0054.813] GetProcessHeap () returned 0x4b0000 [0054.813] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc3090 | out: hHeap=0x4b0000) returned 1 [0054.813] GetProcessHeap () returned 0x4b0000 [0054.813] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc3090 [0054.813] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\TextConv\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0b56882, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b30 [0054.813] GetProcessHeap () returned 0x4b0000 [0054.813] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.814] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\TextConv\\en-US\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0b5787e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0054.814] GetProcessHeap () returned 0x4b0000 [0054.814] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.814] GetProcessHeap () returned 0x4b0000 [0054.814] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc3090 | out: hHeap=0x4b0000) returned 1 [0054.816] GetProcessHeap () returned 0x4b0000 [0054.816] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc3090 [0054.816] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\Triedit\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0b57d42, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0054.817] GetProcessHeap () returned 0x4b0000 [0054.817] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.817] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\Triedit\\en-US\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b209410, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0b58502, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b209410, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0054.817] GetProcessHeap () returned 0x4b0000 [0054.817] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.817] GetProcessHeap () returned 0x4b0000 [0054.818] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc3090 | out: hHeap=0x4b0000) returned 1 [0054.818] GetProcessHeap () returned 0x4b0000 [0054.818] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc3090 [0054.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\VC\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0xbcd0fab8, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xa0b594b8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2ce22546, ftLastWriteTime.dwHighDateTime=0x1d327be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c70 [0054.822] GetProcessHeap () returned 0x4b0000 [0054.822] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc3090 | out: hHeap=0x4b0000) returned 1 [0054.822] GetProcessHeap () returned 0x4b0000 [0054.822] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc3090 [0054.822] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\VGX\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0b59a78, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x71169cb5, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0054.822] GetProcessHeap () returned 0x4b0000 [0054.822] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc3090 | out: hHeap=0x4b0000) returned 1 [0054.822] GetProcessHeap () returned 0x4b0000 [0054.822] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc3090 [0054.822] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\VSTO\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ecb94e, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x4ae972f5, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x4ae972f5, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0054.822] GetProcessHeap () returned 0x4b0000 [0054.822] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.823] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\VSTO\\10.0\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a6d7a0a, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x4aebd53e, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x4aebd53e, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0054.825] GetProcessHeap () returned 0x4b0000 [0054.825] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bf40b0 [0054.825] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\microsoft shared\\VSTO\\10.0\\1033\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a6d7a0a, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x4a6fdac8, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x4a6fdac8, ftLastWriteTime.dwHighDateTime=0x1d327e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0054.827] GetProcessHeap () returned 0x4b0000 [0054.827] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bf40b0 | out: hHeap=0x4b0000) returned 1 [0054.827] GetProcessHeap () returned 0x4b0000 [0054.827] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.827] GetProcessHeap () returned 0x4b0000 [0054.827] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc3090 | out: hHeap=0x4b0000) returned 1 [0054.827] GetProcessHeap () returned 0x4b0000 [0054.827] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bb2080 | out: hHeap=0x4b0000) returned 1 [0054.828] GetProcessHeap () returned 0x4b0000 [0054.828] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.828] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\Services\\*", lpFindFileData=0xe9edc8 | out: lpFindFileData=0xe9edc8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0c11068, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a412e70, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0054.829] GetProcessHeap () returned 0x4b0000 [0054.829] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.829] GetProcessHeap () returned 0x4b0000 [0054.829] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.829] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\System\\*", lpFindFileData=0xe9edc8 | out: lpFindFileData=0xe9edc8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0c5f95f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0054.936] GetProcessHeap () returned 0x4b0000 [0054.936] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0054.936] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\System\\ado\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0cb0a3f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x71169cb5, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0054.938] GetProcessHeap () returned 0x4b0000 [0054.938] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1b900 [0054.938] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\System\\ado\\en-US\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0cb2730, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c059f0 [0054.938] GetProcessHeap () returned 0x4b0000 [0054.938] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1b900 | out: hHeap=0x4b0000) returned 1 [0054.939] GetProcessHeap () returned 0x4b0000 [0054.939] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0054.940] GetProcessHeap () returned 0x4b0000 [0054.940] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1b900 [0054.941] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\System\\en-US\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0cb3579, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0054.941] GetProcessHeap () returned 0x4b0000 [0054.941] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1b900 | out: hHeap=0x4b0000) returned 1 [0054.941] GetProcessHeap () returned 0x4b0000 [0054.941] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1b900 [0054.941] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\System\\msadc\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0d7f179, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0054.943] GetProcessHeap () returned 0x4b0000 [0054.943] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0054.944] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\System\\msadc\\en-US\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0d805e9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0054.944] GetProcessHeap () returned 0x4b0000 [0054.944] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0054.944] GetProcessHeap () returned 0x4b0000 [0054.944] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1b900 | out: hHeap=0x4b0000) returned 1 [0054.945] GetProcessHeap () returned 0x4b0000 [0054.945] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1b900 [0054.945] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\System\\Ole DB\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0d8186d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0054.947] GetProcessHeap () returned 0x4b0000 [0054.947] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0054.947] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Common Files\\System\\Ole DB\\en-US\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0d8245b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b22f66e, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0054.948] GetProcessHeap () returned 0x4b0000 [0054.948] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0054.948] GetProcessHeap () returned 0x4b0000 [0054.948] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1b900 | out: hHeap=0x4b0000) returned 1 [0054.949] GetProcessHeap () returned 0x4b0000 [0054.949] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.949] GetProcessHeap () returned 0x4b0000 [0054.949] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0054.949] GetProcessHeap () returned 0x4b0000 [0054.950] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.950] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Internet Explorer\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0d83195, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x71169cb5, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0054.951] GetProcessHeap () returned 0x4b0000 [0054.951] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0054.951] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Internet Explorer\\en-US\\*", lpFindFileData=0xe9edc8 | out: lpFindFileData=0xe9edc8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b22f66e, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa0d83d92, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa21685bc, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06070 [0054.951] GetProcessHeap () returned 0x4b0000 [0054.951] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0054.951] GetProcessHeap () returned 0x4b0000 [0054.951] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0054.952] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Internet Explorer\\images\\*", lpFindFileData=0xe9edc8 | out: lpFindFileData=0xe9edc8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17bb043c, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xa0d846d9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a485593, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0054.952] GetProcessHeap () returned 0x4b0000 [0054.952] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0054.952] GetProcessHeap () returned 0x4b0000 [0054.952] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0054.952] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Internet Explorer\\SIGNUP\\*", lpFindFileData=0xe9edc8 | out: lpFindFileData=0xe9edc8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc2132d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xb77a1634, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xb77a1634, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0054.952] GetProcessHeap () returned 0x4b0000 [0054.952] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0054.952] GetProcessHeap () returned 0x4b0000 [0054.952] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0054.953] GetProcessHeap () returned 0x4b0000 [0054.953] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0054.953] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa235ac5b, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0x717638a8, ftLastAccessTime.dwHighDateTime=0x1d591b7, ftLastWriteTime.dwLowDateTime=0x717638a8, ftLastWriteTime.dwHighDateTime=0x1d591b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0054.953] GetProcessHeap () returned 0x4b0000 [0054.953] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0054.954] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\*", lpFindFileData=0xe9edc8 | out: lpFindFileData=0xe9edc8*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0xa235ac5b, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0de2f82, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xafba0b05, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cb0 [0054.955] GetProcessHeap () returned 0x4b0000 [0054.955] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0054.956] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\bin\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7406c5a, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0eaff93, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa8b45bd2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0054.967] GetProcessHeap () returned 0x4b0000 [0054.967] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1a8f8 [0054.968] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\bin\\dtplugin\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa742cea6, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0f2891a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa742cea6, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06070 [0054.968] GetProcessHeap () returned 0x4b0000 [0054.968] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1a8f8 | out: hHeap=0x4b0000) returned 1 [0054.973] GetProcessHeap () returned 0x4b0000 [0054.973] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1a8f8 [0054.973] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\bin\\plugin2\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa89ee6c2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0f2a2bf, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa89ee6c2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06070 [0054.973] GetProcessHeap () returned 0x4b0000 [0054.973] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1a8f8 | out: hHeap=0x4b0000) returned 1 [0054.974] GetProcessHeap () returned 0x4b0000 [0054.974] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1a8f8 [0054.974] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\bin\\server\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8af971e, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0f2b6c0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xab35b530, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0054.974] GetProcessHeap () returned 0x4b0000 [0054.974] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1a8f8 | out: hHeap=0x4b0000) returned 1 [0054.974] GetProcessHeap () returned 0x4b0000 [0054.974] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0054.975] GetProcessHeap () returned 0x4b0000 [0054.975] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0054.976] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\lib\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8b45bd2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0fe1f09, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xaa80821a, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0054.978] GetProcessHeap () returned 0x4b0000 [0054.978] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1a8f8 [0054.979] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\lib\\amd64\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8b45bd2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa0fe451d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa8b45bd2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0054.980] GetProcessHeap () returned 0x4b0000 [0054.980] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1a8f8 | out: hHeap=0x4b0000) returned 1 [0054.980] GetProcessHeap () returned 0x4b0000 [0054.980] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1a8f8 [0054.980] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\lib\\applet\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8b45bd2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa105ca28, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa8b45bd2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0054.981] GetProcessHeap () returned 0x4b0000 [0054.981] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1a8f8 | out: hHeap=0x4b0000) returned 1 [0054.981] GetProcessHeap () returned 0x4b0000 [0054.981] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1a8f8 [0054.981] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\lib\\cmm\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8b45bd2, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa105e2a1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa8b6bdff, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b30 [0054.982] GetProcessHeap () returned 0x4b0000 [0054.982] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1a8f8 | out: hHeap=0x4b0000) returned 1 [0054.982] GetProcessHeap () returned 0x4b0000 [0054.982] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1a8f8 [0054.982] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\lib\\deploy\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8b6bdff, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa10e432c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa8b9204e, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0054.984] GetProcessHeap () returned 0x4b0000 [0054.984] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1a8f8 | out: hHeap=0x4b0000) returned 1 [0054.984] GetProcessHeap () returned 0x4b0000 [0054.984] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1a8f8 [0054.984] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\lib\\ext\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8b9204e, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa11bdb26, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xaa8ed01b, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0054.987] GetProcessHeap () returned 0x4b0000 [0054.987] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1a8f8 | out: hHeap=0x4b0000) returned 1 [0054.987] GetProcessHeap () returned 0x4b0000 [0054.987] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1a8f8 [0054.987] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\lib\\fonts\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8c0476d, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa122f229, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa8c2a9b3, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0055.236] GetProcessHeap () returned 0x4b0000 [0055.236] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1a8f8 | out: hHeap=0x4b0000) returned 1 [0055.236] GetProcessHeap () returned 0x4b0000 [0055.236] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1a8f8 [0055.237] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8c2a9b3, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa12313ee, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa8c2a9b3, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0055.237] GetProcessHeap () returned 0x4b0000 [0055.237] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2c910 [0055.238] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\lib\\images\\cursors\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8c2a9b3, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa129361a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa8c50c02, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0055.240] GetProcessHeap () returned 0x4b0000 [0055.241] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2c910 | out: hHeap=0x4b0000) returned 1 [0055.241] GetProcessHeap () returned 0x4b0000 [0055.241] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1a8f8 | out: hHeap=0x4b0000) returned 1 [0055.241] GetProcessHeap () returned 0x4b0000 [0055.241] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1a8f8 [0055.242] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\lib\\jfr\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8c50c02, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa1295634, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa8c50c02, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c059f0 [0055.242] GetProcessHeap () returned 0x4b0000 [0055.242] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1a8f8 | out: hHeap=0x4b0000) returned 1 [0055.242] GetProcessHeap () returned 0x4b0000 [0055.242] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1a8f8 [0055.242] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\lib\\management\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8c50c02, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa1389711, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa8c76e77, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0055.248] GetProcessHeap () returned 0x4b0000 [0055.248] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1a8f8 | out: hHeap=0x4b0000) returned 1 [0055.248] GetProcessHeap () returned 0x4b0000 [0055.248] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1a8f8 [0055.248] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Java\\jre1.8.0_144\\lib\\security\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8c76e77, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa1418338, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa8c9d0cc, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0055.254] GetProcessHeap () returned 0x4b0000 [0055.254] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1a8f8 | out: hHeap=0x4b0000) returned 1 [0055.254] GetProcessHeap () returned 0x4b0000 [0055.254] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0055.255] GetProcessHeap () returned 0x4b0000 [0055.255] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0055.255] GetProcessHeap () returned 0x4b0000 [0055.255] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4be40a8 | out: hHeap=0x4b0000) returned 1 [0055.256] GetProcessHeap () returned 0x4b0000 [0055.256] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4be40a8 [0055.256] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\*", lpFindFileData=0xe9f058 | out: lpFindFileData=0xe9f058*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0x83189ec0, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x717638a8, ftLastAccessTime.dwHighDateTime=0x1d591b7, ftLastWriteTime.dwLowDateTime=0x717638a8, ftLastWriteTime.dwHighDateTime=0x1d591b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06070 [0055.256] GetProcessHeap () returned 0x4b0000 [0055.257] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1a8f8 [0055.257] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\Office16\\*", lpFindFileData=0xe9edc8 | out: lpFindFileData=0xe9edc8*(dwFileAttributes=0x30, ftCreationTime.dwLowDateTime=0xd9e7b530, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xa146f18e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xda9a8629, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0055.258] GetProcessHeap () returned 0x4b0000 [0055.258] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1a8f8 | out: hHeap=0x4b0000) returned 1 [0055.258] GetProcessHeap () returned 0x4b0000 [0055.258] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1a8f8 [0055.258] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\PackageManifests\\*", lpFindFileData=0xe9edc8 | out: lpFindFileData=0xe9edc8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x831d63af, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf982bd9c, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xf982bd9c, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0055.262] GetProcessHeap () returned 0x4b0000 [0055.262] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c1a8f8 | out: hHeap=0x4b0000) returned 1 [0055.262] GetProcessHeap () returned 0x4b0000 [0055.262] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c1a8f8 [0055.263] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\*", lpFindFileData=0xe9edc8 | out: lpFindFileData=0xe9edc8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x83189ec0, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xeb2fdc25, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xeb2fdc25, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c059f0 [0055.263] GetProcessHeap () returned 0x4b0000 [0055.263] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0055.263] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\client\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x86813dc4, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xd2ca2e08, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd2ca2e08, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0055.265] GetProcessHeap () returned 0x4b0000 [0055.265] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0055.265] GetProcessHeap () returned 0x4b0000 [0055.265] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0055.265] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\CLIPART\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee45f66d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x104b75c6, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x104b75c6, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0055.265] GetProcessHeap () returned 0x4b0000 [0055.265] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0055.266] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\CLIPART\\PUB60COR\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb32840, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x1113bba3, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1113bba3, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0055.516] GetProcessHeap () returned 0x4b0000 [0055.516] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0055.516] GetProcessHeap () returned 0x4b0000 [0055.516] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0055.517] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\CLIPART\\Publisher\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x104b75c6, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x104b75c6, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x104b75c6, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bf0 [0055.518] GetProcessHeap () returned 0x4b0000 [0055.518] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0055.518] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\CLIPART\\Publisher\\Backgrounds\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x104b75c6, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x1113bba3, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1113bba3, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0055.521] GetProcessHeap () returned 0x4b0000 [0055.521] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0055.521] GetProcessHeap () returned 0x4b0000 [0055.521] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0055.522] GetProcessHeap () returned 0x4b0000 [0055.522] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0055.522] GetProcessHeap () returned 0x4b0000 [0055.522] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0055.522] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Document Themes 16\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee45f66d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x114a91d5, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x114a91d5, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0055.523] GetProcessHeap () returned 0x4b0000 [0055.523] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0055.523] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Document Themes 16\\Theme Colors\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1132ba98, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x115da4b2, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x115da4b2, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c70 [0055.525] GetProcessHeap () returned 0x4b0000 [0055.525] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0055.525] GetProcessHeap () returned 0x4b0000 [0055.525] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0055.525] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Document Themes 16\\Theme Effects\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x11377f40, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x11482f7f, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x11482f7f, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0055.528] GetProcessHeap () returned 0x4b0000 [0055.528] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0055.528] GetProcessHeap () returned 0x4b0000 [0055.529] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0055.529] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Document Themes 16\\Theme Fonts\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x11436ace, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x115da4b2, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x115da4b2, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b30 [0055.531] GetProcessHeap () returned 0x4b0000 [0055.531] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0055.531] GetProcessHeap () returned 0x4b0000 [0055.531] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0055.532] GetProcessHeap () returned 0x4b0000 [0055.532] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0055.532] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Flattener\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee45f66d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x114f5747, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x114f5747, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0055.534] GetProcessHeap () returned 0x4b0000 [0055.534] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0055.534] GetProcessHeap () returned 0x4b0000 [0055.534] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0055.534] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\fre\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee45f66d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x115da4b2, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x115da4b2, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0055.537] GetProcessHeap () returned 0x4b0000 [0055.537] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0055.537] GetProcessHeap () returned 0x4b0000 [0055.537] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0055.537] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Integration\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd1f5fb21, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x3b2abe77, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3b2abe77, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0055.678] GetProcessHeap () returned 0x4b0000 [0055.678] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0055.678] GetProcessHeap () returned 0x4b0000 [0055.679] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0055.679] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Licenses16\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe2687c83, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xee308135, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xee308135, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0056.139] GetProcessHeap () returned 0x4b0000 [0056.139] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0056.139] GetProcessHeap () returned 0x4b0000 [0056.139] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0056.139] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\loc\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee45f66d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xee45f66d, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x983c2c8, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0056.139] GetProcessHeap () returned 0x4b0000 [0056.139] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0056.139] GetProcessHeap () returned 0x4b0000 [0056.139] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0056.139] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\mcxml\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee45f66d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xeb2fdc25, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xeb2fdc25, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0056.140] GetProcessHeap () returned 0x4b0000 [0056.140] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0056.141] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\mcxml\\en-us\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x92201bc, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x3b8c7ea5, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3b8c7ea5, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0056.144] GetProcessHeap () returned 0x4b0000 [0056.144] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0056.144] GetProcessHeap () returned 0x4b0000 [0056.144] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0056.144] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\mcxml\\es-es\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x99dfc61, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x99dfc61, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x99dfc61, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0056.145] GetProcessHeap () returned 0x4b0000 [0056.145] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0056.145] GetProcessHeap () returned 0x4b0000 [0056.145] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0056.145] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\mcxml\\fr-fr\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x99473dc, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x99473dc, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x99473dc, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cb0 [0056.145] GetProcessHeap () returned 0x4b0000 [0056.146] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0056.146] GetProcessHeap () returned 0x4b0000 [0056.146] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0056.146] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\mcxml\\x-none\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1164cbcb, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x3b9607ff, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3b9607ff, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bf0 [0056.149] GetProcessHeap () returned 0x4b0000 [0056.149] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0056.149] GetProcessHeap () returned 0x4b0000 [0056.149] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0056.149] GetProcessHeap () returned 0x4b0000 [0056.149] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0056.150] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x83189ec0, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x3c29db74, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3c29db74, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bf0 [0056.152] GetProcessHeap () returned 0x4b0000 [0056.152] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0056.153] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\1033\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4d9058b, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x3b93a5c4, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3b93a5c4, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.154] GetProcessHeap () returned 0x4b0000 [0056.154] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.154] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\1033\\Bibliography\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ac4a8a, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x9ac4a8a, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x9ac4a8a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0056.155] GetProcessHeap () returned 0x4b0000 [0056.155] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.155] GetProcessHeap () returned 0x4b0000 [0056.155] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.155] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\1033\\DataServices\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1697068, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x99937c0, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x99937c0, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0056.158] GetProcessHeap () returned 0x4b0000 [0056.158] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.227] GetProcessHeap () returned 0x4b0000 [0056.227] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.227] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\1033\\PUBFTSCM\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcc7c11d2, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xae963cd, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xae963cd, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0056.230] GetProcessHeap () returned 0x4b0000 [0056.230] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.230] GetProcessHeap () returned 0x4b0000 [0056.230] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.230] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\1033\\PUBSPAPR\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xacf29e7, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xae70165, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xae70165, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0056.254] GetProcessHeap () returned 0x4b0000 [0056.254] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.254] GetProcessHeap () returned 0x4b0000 [0056.254] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.254] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\1033\\QuickStyles\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xae49f22, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xae70165, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xae70165, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0056.258] GetProcessHeap () returned 0x4b0000 [0056.258] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.271] GetProcessHeap () returned 0x4b0000 [0056.271] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0056.272] GetProcessHeap () returned 0x4b0000 [0056.272] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0056.272] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\1036\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4d440f9, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xc4d440f9, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xc4d440f9, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0056.273] GetProcessHeap () returned 0x4b0000 [0056.273] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0056.273] GetProcessHeap () returned 0x4b0000 [0056.273] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0056.273] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\3082\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4d440f9, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xc4d440f9, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xc4d440f9, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.273] GetProcessHeap () returned 0x4b0000 [0056.273] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0056.273] GetProcessHeap () returned 0x4b0000 [0056.273] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0056.273] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\AccessWeb\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeda173cc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1295fc19, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x12985c4e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0056.274] GetProcessHeap () returned 0x4b0000 [0056.274] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0056.274] GetProcessHeap () returned 0x4b0000 [0056.274] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0056.274] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeda173cc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1335b74d, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1335b74d, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0056.277] GetProcessHeap () returned 0x4b0000 [0056.277] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0056.277] GetProcessHeap () returned 0x4b0000 [0056.277] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0056.277] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc7c5a96a, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x133819a5, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x133819a5, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0056.277] GetProcessHeap () returned 0x4b0000 [0056.277] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.277] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefd42039, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xefd42039, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xefd42039, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0056.278] GetProcessHeap () returned 0x4b0000 [0056.278] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0056.278] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefd42039, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x895576a, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x895576a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0056.278] GetProcessHeap () returned 0x4b0000 [0056.278] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.279] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\ar\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1945af2, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x7fd9ab, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x7fd9ab, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0056.281] GetProcessHeap () returned 0x4b0000 [0056.281] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.281] GetProcessHeap () returned 0x4b0000 [0056.281] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.281] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\bg\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf480feb5, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x18157e1, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x18157e1, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0056.313] GetProcessHeap () returned 0x4b0000 [0056.313] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.313] GetProcessHeap () returned 0x4b0000 [0056.313] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.313] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\ca\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1ae94c9, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x61b241f, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x61b241f, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0056.354] GetProcessHeap () returned 0x4b0000 [0056.354] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.354] GetProcessHeap () returned 0x4b0000 [0056.354] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.354] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\cs\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf134fca5, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x2ee20e1, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x2ee20e1, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cb0 [0056.356] GetProcessHeap () returned 0x4b0000 [0056.356] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.356] GetProcessHeap () returned 0x4b0000 [0056.356] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.357] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\da\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5c164a, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x6866e01, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6866e01, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0056.363] GetProcessHeap () returned 0x4b0000 [0056.363] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.363] GetProcessHeap () returned 0x4b0000 [0056.363] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.363] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\de\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeff31e88, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x624ad43, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x624ad43, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0056.366] GetProcessHeap () returned 0x4b0000 [0056.366] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.366] GetProcessHeap () returned 0x4b0000 [0056.366] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.366] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\el\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf00d5872, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6c93006, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6c93006, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0056.371] GetProcessHeap () returned 0x4b0000 [0056.371] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.371] GetProcessHeap () returned 0x4b0000 [0056.371] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.371] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\es\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf47e9c8f, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6e5cc4e, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6e5cc4e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0056.373] GetProcessHeap () returned 0x4b0000 [0056.373] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.373] GetProcessHeap () returned 0x4b0000 [0056.374] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.374] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\et\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0df27d3, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x8719376, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x8719376, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0056.375] GetProcessHeap () returned 0x4b0000 [0056.375] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.375] GetProcessHeap () returned 0x4b0000 [0056.375] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.375] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\eu\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf41cdbc1, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x69980f7, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x69980f7, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0056.382] GetProcessHeap () returned 0x4b0000 [0056.382] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.382] GetProcessHeap () returned 0x4b0000 [0056.382] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.382] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\fi\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf47e9c8f, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6bae279, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6bae279, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0056.383] GetProcessHeap () returned 0x4b0000 [0056.383] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.384] GetProcessHeap () returned 0x4b0000 [0056.384] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.384] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\fr\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefd42039, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x60db08, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x60db08, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0056.385] GetProcessHeap () returned 0x4b0000 [0056.385] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.385] GetProcessHeap () returned 0x4b0000 [0056.385] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.385] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\gl\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1e0a643, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x675bda6, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x675bda6, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b30 [0056.387] GetProcessHeap () returned 0x4b0000 [0056.387] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.387] GetProcessHeap () returned 0x4b0000 [0056.387] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.387] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\he\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1c8cf9c, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6e5cc4e, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6e5cc4e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0056.448] GetProcessHeap () returned 0x4b0000 [0056.448] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.448] GetProcessHeap () returned 0x4b0000 [0056.448] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.448] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\hi\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf43e3cb7, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6c93006, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6c93006, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0056.449] GetProcessHeap () returned 0x4b0000 [0056.449] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.449] GetProcessHeap () returned 0x4b0000 [0056.449] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.450] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\hr\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1ac3289, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6b61d36, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6b61d36, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0056.451] GetProcessHeap () returned 0x4b0000 [0056.451] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.451] GetProcessHeap () returned 0x4b0000 [0056.451] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.451] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\hu\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1945af2, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x2ebbef3, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x2ebbef3, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0056.453] GetProcessHeap () returned 0x4b0000 [0056.453] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.453] GetProcessHeap () returned 0x4b0000 [0056.453] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.453] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\id\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefee59ce, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfc43098a, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfc43098a, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.456] GetProcessHeap () returned 0x4b0000 [0056.456] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.456] GetProcessHeap () returned 0x4b0000 [0056.456] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.456] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\it\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa89f599, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6270fd0, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6270fd0, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b30 [0056.459] GetProcessHeap () returned 0x4b0000 [0056.459] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.459] GetProcessHeap () returned 0x4b0000 [0056.459] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.459] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\ja\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf12dd5ae, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x91adba5, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x91adba5, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.461] GetProcessHeap () returned 0x4b0000 [0056.461] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.461] GetProcessHeap () returned 0x4b0000 [0056.461] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.461] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\kk\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfbd09866, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6d2b978, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6d2b978, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0056.464] GetProcessHeap () returned 0x4b0000 [0056.464] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.464] GetProcessHeap () returned 0x4b0000 [0056.464] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.464] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\ko\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf12b7378, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x5101cbd, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x5101cbd, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0056.466] GetProcessHeap () returned 0x4b0000 [0056.466] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.466] GetProcessHeap () returned 0x4b0000 [0056.466] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.466] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\lt\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf6bad1cb, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x22f6470, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x22f6470, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0056.468] GetProcessHeap () returned 0x4b0000 [0056.468] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.468] GetProcessHeap () returned 0x4b0000 [0056.468] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.468] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\lv\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf00d5872, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x59f29de, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x59f29de, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0056.470] GetProcessHeap () returned 0x4b0000 [0056.470] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.470] GetProcessHeap () returned 0x4b0000 [0056.470] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.470] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\ms\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1a2a905, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6224b6a, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6224b6a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cb0 [0056.472] GetProcessHeap () returned 0x4b0000 [0056.472] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.472] GetProcessHeap () returned 0x4b0000 [0056.472] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.472] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\nl\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0822be8, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6b61d36, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6b61d36, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0056.473] GetProcessHeap () returned 0x4b0000 [0056.473] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.473] GetProcessHeap () returned 0x4b0000 [0056.473] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.473] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\no\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4409f1c, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x8680a1e, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x8680a1e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cb0 [0056.475] GetProcessHeap () returned 0x4b0000 [0056.475] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.475] GetProcessHeap () returned 0x4b0000 [0056.475] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.475] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\pl\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf854e731, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x865a7d2, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x865a7d2, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0056.477] GetProcessHeap () returned 0x4b0000 [0056.477] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.477] GetProcessHeap () returned 0x4b0000 [0056.477] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.477] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\pt-BR\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf755cb7d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6bfa6d9, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6bfa6d9, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0056.480] GetProcessHeap () returned 0x4b0000 [0056.480] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.480] GetProcessHeap () returned 0x4b0000 [0056.480] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.480] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\pt-pt\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4ba375b, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6e5cc4e, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6e5cc4e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0056.545] GetProcessHeap () returned 0x4b0000 [0056.545] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.545] GetProcessHeap () returned 0x4b0000 [0056.545] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.545] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\ro\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0063153, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6e5cc4e, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6e5cc4e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0056.546] GetProcessHeap () returned 0x4b0000 [0056.546] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.547] GetProcessHeap () returned 0x4b0000 [0056.547] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.547] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\ru\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf13037fa, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf71003, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xf71003, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.548] GetProcessHeap () returned 0x4b0000 [0056.548] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.548] GetProcessHeap () returned 0x4b0000 [0056.548] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.548] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\sk\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf42b29f3, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x865a7d2, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x865a7d2, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0056.551] GetProcessHeap () returned 0x4b0000 [0056.551] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.551] GetProcessHeap () returned 0x4b0000 [0056.551] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.551] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\sl\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1ae94c9, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x633d60, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x633d60, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.553] GetProcessHeap () returned 0x4b0000 [0056.553] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.553] GetProcessHeap () returned 0x4b0000 [0056.553] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.553] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\sr-Cyrl\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf05741b2, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x4cd5a2f, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x4cd5a2f, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0056.555] GetProcessHeap () returned 0x4b0000 [0056.555] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.555] GetProcessHeap () returned 0x4b0000 [0056.555] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.555] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\sr-Latn\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf6aee686, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6d05722, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6d05722, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0056.557] GetProcessHeap () returned 0x4b0000 [0056.557] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.557] GetProcessHeap () returned 0x4b0000 [0056.557] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.557] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\sr-Latn-CS\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf42b29f3, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x865a7d2, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x865a7d2, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0056.559] GetProcessHeap () returned 0x4b0000 [0056.559] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.559] GetProcessHeap () returned 0x4b0000 [0056.559] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.560] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\sv\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa25d2ba, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x670f8d9, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x670f8d9, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0056.561] GetProcessHeap () returned 0x4b0000 [0056.561] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.561] GetProcessHeap () returned 0x4b0000 [0056.561] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.561] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\th\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1860d8a, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6224b6a, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6224b6a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0056.563] GetProcessHeap () returned 0x4b0000 [0056.563] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.563] GetProcessHeap () returned 0x4b0000 [0056.563] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.563] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\tr\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa8eba59, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x453c2a7, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x453c2a7, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0056.564] GetProcessHeap () returned 0x4b0000 [0056.564] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.564] GetProcessHeap () returned 0x4b0000 [0056.564] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.564] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\uk\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefd8e49f, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x37f90ac, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x37f90ac, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0056.567] GetProcessHeap () returned 0x4b0000 [0056.567] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.567] GetProcessHeap () returned 0x4b0000 [0056.567] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.567] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\vi\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4692737, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x4abf9f4, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x4abf9f4, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.569] GetProcessHeap () returned 0x4b0000 [0056.569] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.569] GetProcessHeap () returned 0x4b0000 [0056.569] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.569] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\zh-HANS\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1e56af1, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x680214, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x680214, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0056.570] GetProcessHeap () returned 0x4b0000 [0056.571] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.571] GetProcessHeap () returned 0x4b0000 [0056.571] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.571] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Microsoft Power Query for Excel Integrated\\bin\\zh-HANT\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf00af60a, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfa5581c0, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfa5581c0, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0056.572] GetProcessHeap () returned 0x4b0000 [0056.572] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.572] GetProcessHeap () returned 0x4b0000 [0056.572] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0056.573] GetProcessHeap () returned 0x4b0000 [0056.573] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.573] GetProcessHeap () returned 0x4b0000 [0056.573] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.574] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power Map Excel Add-in\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf016e209, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6b61d36, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6b61d36, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0056.575] GetProcessHeap () returned 0x4b0000 [0056.575] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.575] GetProcessHeap () returned 0x4b0000 [0056.575] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.575] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefd42039, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1525a179, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1525a179, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c70 [0056.576] GetProcessHeap () returned 0x4b0000 [0056.576] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.576] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\ar\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefd42039, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x133cde53, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x133cde53, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0056.577] GetProcessHeap () returned 0x4b0000 [0056.577] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.577] GetProcessHeap () returned 0x4b0000 [0056.577] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.577] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\bg\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf12dd5ae, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x133819a5, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x133819a5, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0056.579] GetProcessHeap () returned 0x4b0000 [0056.579] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.579] GetProcessHeap () returned 0x4b0000 [0056.579] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.579] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\ca\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf42d8c51, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x133f40a9, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x133f40a9, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0056.580] GetProcessHeap () returned 0x4b0000 [0056.581] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.581] GetProcessHeap () returned 0x4b0000 [0056.581] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.581] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\cs\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf9a9d821, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x133cde53, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x133cde53, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0056.605] GetProcessHeap () returned 0x4b0000 [0056.605] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.605] GetProcessHeap () returned 0x4b0000 [0056.605] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.605] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\da\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6a6473, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x1341a2e5, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1341a2e5, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0056.608] GetProcessHeap () returned 0x4b0000 [0056.608] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.608] GetProcessHeap () returned 0x4b0000 [0056.608] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.608] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\de\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf6354def, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x133f40a9, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x133f40a9, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0056.609] GetProcessHeap () returned 0x4b0000 [0056.609] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.609] GetProcessHeap () returned 0x4b0000 [0056.609] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.609] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\el\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf46b8986, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1341a2e5, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1341a2e5, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0056.611] GetProcessHeap () returned 0x4b0000 [0056.611] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.611] GetProcessHeap () returned 0x4b0000 [0056.611] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.611] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\es\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf7582db3, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1341a2e5, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1341a2e5, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0056.613] GetProcessHeap () returned 0x4b0000 [0056.613] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.614] GetProcessHeap () returned 0x4b0000 [0056.614] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.614] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\et\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1b0f72e, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x13440553, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x13440553, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0056.615] GetProcessHeap () returned 0x4b0000 [0056.615] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.615] GetProcessHeap () returned 0x4b0000 [0056.615] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.615] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\eu\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf6d2a978, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1341a2e5, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1341a2e5, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0056.617] GetProcessHeap () returned 0x4b0000 [0056.617] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.617] GetProcessHeap () returned 0x4b0000 [0056.617] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.617] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\fi\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf18f9628, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x138defa8, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x138defa8, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0056.618] GetProcessHeap () returned 0x4b0000 [0056.618] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.618] GetProcessHeap () returned 0x4b0000 [0056.618] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.618] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\fr\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1ae94c9, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x13440553, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x13440553, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0056.620] GetProcessHeap () returned 0x4b0000 [0056.620] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.620] GetProcessHeap () returned 0x4b0000 [0056.620] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.620] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\gl\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf9ac3a61, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x13aced2b, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x13aced2b, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.629] GetProcessHeap () returned 0x4b0000 [0056.629] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.629] GetProcessHeap () returned 0x4b0000 [0056.629] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.629] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\he\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4a98712, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x13a8299e, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x13a8299e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0056.630] GetProcessHeap () returned 0x4b0000 [0056.630] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.630] GetProcessHeap () returned 0x4b0000 [0056.630] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.630] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\hi\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa806c3d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1428e945, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1428e945, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0056.632] GetProcessHeap () returned 0x4b0000 [0056.632] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.632] GetProcessHeap () returned 0x4b0000 [0056.632] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.632] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\hr\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf7beb2bc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x13b67741, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x13b67741, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0056.634] GetProcessHeap () returned 0x4b0000 [0056.634] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.634] GetProcessHeap () returned 0x4b0000 [0056.634] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.634] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\hu\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf6164f96, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x14648313, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x14648313, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0056.635] GetProcessHeap () returned 0x4b0000 [0056.635] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.636] GetProcessHeap () returned 0x4b0000 [0056.636] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.636] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\id\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf18f9628, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1434d390, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1434d390, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0056.637] GetProcessHeap () returned 0x4b0000 [0056.637] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.637] GetProcessHeap () returned 0x4b0000 [0056.637] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.637] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\it\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf964b3dd, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x14969496, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x14969496, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.639] GetProcessHeap () returned 0x4b0000 [0056.639] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.639] GetProcessHeap () returned 0x4b0000 [0056.639] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.639] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\ja\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf15d84bd, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x146e0bdc, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x146e0bdc, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.640] GetProcessHeap () returned 0x4b0000 [0056.640] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.640] GetProcessHeap () returned 0x4b0000 [0056.640] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.640] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\kk\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfae6f174, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x14b330aa, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x14b330aa, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0056.642] GetProcessHeap () returned 0x4b0000 [0056.642] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.642] GetProcessHeap () returned 0x4b0000 [0056.642] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.642] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\ko\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf17ee5c3, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x14ac0994, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x14ac0994, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0056.792] GetProcessHeap () returned 0x4b0000 [0056.792] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.792] GetProcessHeap () returned 0x4b0000 [0056.792] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.792] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\lt\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf7b529d9, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x152a6704, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x152a6704, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0056.794] GetProcessHeap () returned 0x4b0000 [0056.794] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.794] GetProcessHeap () returned 0x4b0000 [0056.794] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.794] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\lv\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf035e09d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1525a179, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1525a179, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b30 [0056.795] GetProcessHeap () returned 0x4b0000 [0056.795] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.795] GetProcessHeap () returned 0x4b0000 [0056.795] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.795] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\ms\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf42fef17, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x15ab259c, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x15ab259c, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0056.797] GetProcessHeap () returned 0x4b0000 [0056.797] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.797] GetProcessHeap () returned 0x4b0000 [0056.797] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.797] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\nl\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x718b80, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x15a3fea8, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x15a3fea8, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0056.798] GetProcessHeap () returned 0x4b0000 [0056.798] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.798] GetProcessHeap () returned 0x4b0000 [0056.798] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.799] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\no\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf18f9628, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x15b71118, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x15b71118, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0056.801] GetProcessHeap () returned 0x4b0000 [0056.801] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.801] GetProcessHeap () returned 0x4b0000 [0056.801] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.801] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\pl\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf44c8b33, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x15b24c93, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x15b24c93, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.803] GetProcessHeap () returned 0x4b0000 [0056.803] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.803] GetProcessHeap () returned 0x4b0000 [0056.803] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.803] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\pt\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeff0bc27, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x15bbd5ad, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x15bbd5ad, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b30 [0056.805] GetProcessHeap () returned 0x4b0000 [0056.805] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.805] GetProcessHeap () returned 0x4b0000 [0056.805] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.805] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\pt-PT\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf475131d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x15be380c, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x15be380c, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0056.807] GetProcessHeap () returned 0x4b0000 [0056.807] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.807] GetProcessHeap () returned 0x4b0000 [0056.807] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.807] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\ro\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf6ac83cd, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x15d3adab, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x15d3adab, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cb0 [0056.809] GetProcessHeap () returned 0x4b0000 [0056.809] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.809] GetProcessHeap () returned 0x4b0000 [0056.809] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.809] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\ru\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefe00baf, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x15d14b21, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x15d14b21, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0056.810] GetProcessHeap () returned 0x4b0000 [0056.811] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.811] GetProcessHeap () returned 0x4b0000 [0056.811] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.811] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\sk\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf6c6bda4, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x15e92299, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x15e92299, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0056.812] GetProcessHeap () returned 0x4b0000 [0056.812] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.812] GetProcessHeap () returned 0x4b0000 [0056.812] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.812] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\sl\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1b359a5, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x15e45dad, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x15e45dad, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0056.818] GetProcessHeap () returned 0x4b0000 [0056.818] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.818] GetProcessHeap () returned 0x4b0000 [0056.818] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.818] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\sr-cyrl\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1a2a905, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x15f04999, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x15f04999, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0056.819] GetProcessHeap () returned 0x4b0000 [0056.819] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.819] GetProcessHeap () returned 0x4b0000 [0056.819] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\sr-latn\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa879350, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x160a83ba, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x160a83ba, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0056.821] GetProcessHeap () returned 0x4b0000 [0056.821] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.821] GetProcessHeap () returned 0x4b0000 [0056.821] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.821] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\sr-Latn-CS\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf45f9db0, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x15ede724, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x15ede724, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0056.823] GetProcessHeap () returned 0x4b0000 [0056.823] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.823] GetProcessHeap () returned 0x4b0000 [0056.823] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.823] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\sv\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa8eba59, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16035c5a, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16035c5a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0056.825] GetProcessHeap () returned 0x4b0000 [0056.825] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.825] GetProcessHeap () returned 0x4b0000 [0056.825] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.825] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\th\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1c66c57, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16166f59, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16166f59, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0056.827] GetProcessHeap () returned 0x4b0000 [0056.827] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.827] GetProcessHeap () returned 0x4b0000 [0056.827] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.827] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\tr\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1de43d5, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16140cde, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16140cde, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0056.866] GetProcessHeap () returned 0x4b0000 [0056.866] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.866] GetProcessHeap () returned 0x4b0000 [0056.866] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.866] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\uk\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf7b9ee02, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x161d962a, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x161d962a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0056.868] GetProcessHeap () returned 0x4b0000 [0056.868] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.868] GetProcessHeap () returned 0x4b0000 [0056.868] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.868] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\vi\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf637b042, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x161d962a, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x161d962a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.869] GetProcessHeap () returned 0x4b0000 [0056.869] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.869] GetProcessHeap () returned 0x4b0000 [0056.869] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.869] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\zh-CHS\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4c15e5f, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x163ef7bf, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x163ef7bf, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0056.872] GetProcessHeap () returned 0x4b0000 [0056.872] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.872] GetProcessHeap () returned 0x4b0000 [0056.872] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.872] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\Power View Excel Add-in\\zh-CHT\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf47e9c8f, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x164159c7, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x164159c7, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0056.874] GetProcessHeap () returned 0x4b0000 [0056.874] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.874] GetProcessHeap () returned 0x4b0000 [0056.874] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0056.875] GetProcessHeap () returned 0x4b0000 [0056.875] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0056.875] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefd68243, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16841bb6, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16841bb6, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0056.876] GetProcessHeap () returned 0x4b0000 [0056.876] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.876] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\ar\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1c1a793, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x163ef7bf, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x163ef7bf, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cb0 [0056.879] GetProcessHeap () returned 0x4b0000 [0056.879] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.879] GetProcessHeap () returned 0x4b0000 [0056.879] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.879] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\bg\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1ac3289, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x165b9401, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x165b9401, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0056.881] GetProcessHeap () returned 0x4b0000 [0056.881] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.882] GetProcessHeap () returned 0x4b0000 [0056.882] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.882] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\ca\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf6296213, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16605845, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16605845, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.884] GetProcessHeap () returned 0x4b0000 [0056.884] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.884] GetProcessHeap () returned 0x4b0000 [0056.884] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.884] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Cartridges\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x164ae360, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x167a9331, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167a9331, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.886] GetProcessHeap () returned 0x4b0000 [0056.886] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.886] GetProcessHeap () returned 0x4b0000 [0056.886] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.886] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\cs\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0063153, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16651cf9, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16651cf9, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0056.888] GetProcessHeap () returned 0x4b0000 [0056.888] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.888] GetProcessHeap () returned 0x4b0000 [0056.888] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.888] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\da\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf10a1263, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1662bb01, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1662bb01, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0056.890] GetProcessHeap () returned 0x4b0000 [0056.890] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.890] GetProcessHeap () returned 0x4b0000 [0056.890] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.890] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\de\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeff31e88, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x167a9331, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167a9331, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0056.892] GetProcessHeap () returned 0x4b0000 [0056.892] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.892] GetProcessHeap () returned 0x4b0000 [0056.892] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.892] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\el\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeff580e7, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x167a9331, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167a9331, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0056.894] GetProcessHeap () returned 0x4b0000 [0056.894] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.894] GetProcessHeap () returned 0x4b0000 [0056.894] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.894] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\en\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x167a9331, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x167a9331, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167a9331, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0056.896] GetProcessHeap () returned 0x4b0000 [0056.896] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.896] GetProcessHeap () returned 0x4b0000 [0056.896] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.896] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\es\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf00d5872, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16783027, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16783027, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0056.899] GetProcessHeap () returned 0x4b0000 [0056.899] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.899] GetProcessHeap () returned 0x4b0000 [0056.899] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.899] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\et\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1480f75, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x167a9331, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167a9331, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0056.901] GetProcessHeap () returned 0x4b0000 [0056.901] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.901] GetProcessHeap () returned 0x4b0000 [0056.901] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.901] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\eu\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0194432, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16783027, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16783027, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.903] GetProcessHeap () returned 0x4b0000 [0056.903] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.903] GetProcessHeap () returned 0x4b0000 [0056.903] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.903] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\fi\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeff0bc27, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16783027, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16783027, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0056.905] GetProcessHeap () returned 0x4b0000 [0056.905] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.905] GetProcessHeap () returned 0x4b0000 [0056.905] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.905] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\fr\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf458770a, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16783027, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16783027, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0056.906] GetProcessHeap () returned 0x4b0000 [0056.906] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.906] GetProcessHeap () returned 0x4b0000 [0056.906] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.906] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\gl\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf05741b2, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16783027, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16783027, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0056.908] GetProcessHeap () returned 0x4b0000 [0056.908] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.908] GetProcessHeap () returned 0x4b0000 [0056.908] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.973] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\he\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0089415, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16710914, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16710914, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0056.975] GetProcessHeap () returned 0x4b0000 [0056.975] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.975] GetProcessHeap () returned 0x4b0000 [0056.975] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.975] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\hi\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1de43d5, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16783027, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16783027, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.977] GetProcessHeap () returned 0x4b0000 [0056.977] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.977] GetProcessHeap () returned 0x4b0000 [0056.977] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.977] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\hr\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0f23aa6, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16710914, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16710914, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0056.979] GetProcessHeap () returned 0x4b0000 [0056.979] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.979] GetProcessHeap () returned 0x4b0000 [0056.979] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.979] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\hu\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefe4d066, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16710914, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16710914, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0056.980] GetProcessHeap () returned 0x4b0000 [0056.980] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.980] GetProcessHeap () returned 0x4b0000 [0056.980] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.980] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\id\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf158c060, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x167a9331, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167a9331, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.982] GetProcessHeap () returned 0x4b0000 [0056.982] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.982] GetProcessHeap () returned 0x4b0000 [0056.982] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.982] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\it\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1bce2f5, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x167cf4d5, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167cf4d5, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0056.984] GetProcessHeap () returned 0x4b0000 [0056.984] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.984] GetProcessHeap () returned 0x4b0000 [0056.984] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.984] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\ja\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefd68243, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x167a9331, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167a9331, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0056.986] GetProcessHeap () returned 0x4b0000 [0056.986] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.986] GetProcessHeap () returned 0x4b0000 [0056.986] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.986] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\kk\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf2ebae3b, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x167a9331, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167a9331, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0056.989] GetProcessHeap () returned 0x4b0000 [0056.989] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.989] GetProcessHeap () returned 0x4b0000 [0056.989] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.989] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\ko\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefe4d066, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x167a9331, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167a9331, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0056.991] GetProcessHeap () returned 0x4b0000 [0056.991] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.991] GetProcessHeap () returned 0x4b0000 [0056.991] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.991] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\lt\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0063153, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x167a9331, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167a9331, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cb0 [0056.993] GetProcessHeap () returned 0x4b0000 [0056.993] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.993] GetProcessHeap () returned 0x4b0000 [0056.993] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.993] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\lv\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf10a1263, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x167a9331, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167a9331, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0056.994] GetProcessHeap () returned 0x4b0000 [0056.994] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.995] GetProcessHeap () returned 0x4b0000 [0056.995] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.995] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\ms\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0089415, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x167cf4d5, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167cf4d5, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0056.996] GetProcessHeap () returned 0x4b0000 [0056.996] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.996] GetProcessHeap () returned 0x4b0000 [0056.997] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.997] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\nl\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf03d07a0, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x167f56e9, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167f56e9, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0056.998] GetProcessHeap () returned 0x4b0000 [0056.998] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0056.998] GetProcessHeap () returned 0x4b0000 [0056.998] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0056.998] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\no\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf45d3b76, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x167cf4d5, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167cf4d5, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.000] GetProcessHeap () returned 0x4b0000 [0057.000] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.000] GetProcessHeap () returned 0x4b0000 [0057.000] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.000] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\pl\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefee59ce, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x167cf4d5, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167cf4d5, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0057.002] GetProcessHeap () returned 0x4b0000 [0057.002] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.002] GetProcessHeap () returned 0x4b0000 [0057.002] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.002] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\pt\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeff31e88, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x167cf4d5, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167cf4d5, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.004] GetProcessHeap () returned 0x4b0000 [0057.004] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.004] GetProcessHeap () returned 0x4b0000 [0057.004] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.004] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\pt-PT\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefe00baf, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x167cf4d5, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x167cf4d5, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.006] GetProcessHeap () returned 0x4b0000 [0057.006] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.006] GetProcessHeap () returned 0x4b0000 [0057.006] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.006] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefee59ce, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x88e2fa3, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x88e2fa3, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.007] GetProcessHeap () returned 0x4b0000 [0057.007] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.007] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1025\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf145ad52, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf145ad52, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf145ad52, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0057.008] GetProcessHeap () returned 0x4b0000 [0057.008] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.008] GetProcessHeap () returned 0x4b0000 [0057.008] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.008] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1026\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefee59ce, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xefee59ce, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xefee59ce, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0057.008] GetProcessHeap () returned 0x4b0000 [0057.008] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.008] GetProcessHeap () returned 0x4b0000 [0057.008] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.008] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\10266\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1755c61, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf1755c61, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf1755c61, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.028] GetProcessHeap () returned 0x4b0000 [0057.028] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.028] GetProcessHeap () returned 0x4b0000 [0057.028] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.028] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1027\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4266542, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf4266542, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf4266542, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0057.029] GetProcessHeap () returned 0x4b0000 [0057.029] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.029] GetProcessHeap () returned 0x4b0000 [0057.029] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.029] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1028\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xffd42fe2, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xffd42fe2, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xffd42fe2, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0057.029] GetProcessHeap () returned 0x4b0000 [0057.029] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.029] GetProcessHeap () returned 0x4b0000 [0057.029] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.029] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1029\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf632eb9d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf632eb9d, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf632eb9d, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0057.029] GetProcessHeap () returned 0x4b0000 [0057.029] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.029] GetProcessHeap () returned 0x4b0000 [0057.030] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.030] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1030\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaf7a22a, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfaf7a22a, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfaf7a22a, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0057.030] GetProcessHeap () returned 0x4b0000 [0057.030] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.030] GetProcessHeap () returned 0x4b0000 [0057.030] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.030] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1031\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x633d60, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x633d60, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x633d60, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.030] GetProcessHeap () returned 0x4b0000 [0057.030] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.030] GetProcessHeap () returned 0x4b0000 [0057.030] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.030] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1032\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e6a31, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x51e6a31, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x51e6a31, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.032] GetProcessHeap () returned 0x4b0000 [0057.032] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.032] GetProcessHeap () returned 0x4b0000 [0057.032] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.032] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1033\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf42d8c51, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf42fef17, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf42fef17, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0057.032] GetProcessHeap () returned 0x4b0000 [0057.032] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.032] GetProcessHeap () returned 0x4b0000 [0057.032] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.032] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1035\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6a56cbe, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x6a7cf13, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6a7cf13, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0057.033] GetProcessHeap () returned 0x4b0000 [0057.033] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.034] GetProcessHeap () returned 0x4b0000 [0057.034] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.034] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1036\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa911c96, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfa911c96, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfa911c96, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.034] GetProcessHeap () returned 0x4b0000 [0057.034] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.034] GetProcessHeap () returned 0x4b0000 [0057.034] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.034] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1037\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67a8250, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x67a8250, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x67a8250, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b30 [0057.034] GetProcessHeap () returned 0x4b0000 [0057.034] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.034] GetProcessHeap () returned 0x4b0000 [0057.034] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.034] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1038\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x88e2fa3, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x88e2fa3, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x88e2fa3, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0057.036] GetProcessHeap () returned 0x4b0000 [0057.036] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.036] GetProcessHeap () returned 0x4b0000 [0057.036] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.036] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1040\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x381f2dc, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x381f2dc, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x381f2dc, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0057.037] GetProcessHeap () returned 0x4b0000 [0057.038] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.038] GetProcessHeap () returned 0x4b0000 [0057.038] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.038] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1041\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6355df6, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x6355df6, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6355df6, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0057.038] GetProcessHeap () returned 0x4b0000 [0057.038] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.038] GetProcessHeap () returned 0x4b0000 [0057.038] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.038] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1042\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf048f354, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf048f354, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf048f354, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0057.039] GetProcessHeap () returned 0x4b0000 [0057.039] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.039] GetProcessHeap () returned 0x4b0000 [0057.039] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.039] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1043\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x303975a, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x303975a, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x303975a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.040] GetProcessHeap () returned 0x4b0000 [0057.040] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.040] GetProcessHeap () returned 0x4b0000 [0057.040] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.040] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1044\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf61d7668, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf61fd8b4, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf61fd8b4, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.040] GetProcessHeap () returned 0x4b0000 [0057.040] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.040] GetProcessHeap () returned 0x4b0000 [0057.040] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.040] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1045\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf2ebae3b, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf2ebae3b, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf2ebae3b, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0057.040] GetProcessHeap () returned 0x4b0000 [0057.040] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.040] GetProcessHeap () returned 0x4b0000 [0057.041] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.041] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1046\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1887f3e, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x1887f3e, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1887f3e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.041] GetProcessHeap () returned 0x4b0000 [0057.041] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.041] GetProcessHeap () returned 0x4b0000 [0057.041] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.041] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1048\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf5a8a2df, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf5a8a2df, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf5a8a2df, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0057.042] GetProcessHeap () returned 0x4b0000 [0057.042] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.042] GetProcessHeap () returned 0x4b0000 [0057.042] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.042] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1049\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6b87f8e, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x6b87f8e, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6b87f8e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.042] GetProcessHeap () returned 0x4b0000 [0057.042] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.042] GetProcessHeap () returned 0x4b0000 [0057.042] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.042] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1050\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfcc62b13, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfcc62b13, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfcc62b13, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.043] GetProcessHeap () returned 0x4b0000 [0057.043] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.043] GetProcessHeap () returned 0x4b0000 [0057.043] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.043] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1051\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x303975a, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x303975a, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x303975a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.043] GetProcessHeap () returned 0x4b0000 [0057.043] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.043] GetProcessHeap () returned 0x4b0000 [0057.043] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.043] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1053\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf6bd3439, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf6bd3439, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6bd3439, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0057.043] GetProcessHeap () returned 0x4b0000 [0057.043] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.043] GetProcessHeap () returned 0x4b0000 [0057.043] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.043] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1054\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf443017d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf443017d, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf443017d, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0057.044] GetProcessHeap () returned 0x4b0000 [0057.044] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.044] GetProcessHeap () returned 0x4b0000 [0057.044] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.044] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1055\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0089415, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf0089415, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf0089415, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0057.045] GetProcessHeap () returned 0x4b0000 [0057.045] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.045] GetProcessHeap () returned 0x4b0000 [0057.045] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.045] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1057\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa8eba59, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfa8eba59, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfa8eba59, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c70 [0057.045] GetProcessHeap () returned 0x4b0000 [0057.045] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.045] GetProcessHeap () returned 0x4b0000 [0057.045] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.045] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1058\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1a046b0, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf1a046b0, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf1a046b0, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0057.046] GetProcessHeap () returned 0x4b0000 [0057.046] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.046] GetProcessHeap () returned 0x4b0000 [0057.046] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.046] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1060\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf99b89f6, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf99b89f6, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf99b89f6, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0057.047] GetProcessHeap () returned 0x4b0000 [0057.047] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.047] GetProcessHeap () returned 0x4b0000 [0057.047] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.047] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1061\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfc2d943c, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfc2d943c, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfc2d943c, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.047] GetProcessHeap () returned 0x4b0000 [0057.047] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.047] GetProcessHeap () returned 0x4b0000 [0057.047] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.047] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1062\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1992fb3, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x1992fb3, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1992fb3, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0057.048] GetProcessHeap () returned 0x4b0000 [0057.048] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.048] GetProcessHeap () returned 0x4b0000 [0057.048] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.048] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1063\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x56853a0, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x56853a0, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x56853a0, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.048] GetProcessHeap () returned 0x4b0000 [0057.048] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.048] GetProcessHeap () returned 0x4b0000 [0057.048] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.048] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1066\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf80d6078, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf80d6078, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf80d6078, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.049] GetProcessHeap () returned 0x4b0000 [0057.049] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.049] GetProcessHeap () returned 0x4b0000 [0057.049] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.049] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1069\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xffe01c35, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xffe01c35, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xffe01c35, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0057.050] GetProcessHeap () returned 0x4b0000 [0057.050] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.050] GetProcessHeap () returned 0x4b0000 [0057.050] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.050] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1081\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf5afc9d3, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf5afc9d3, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf5afc9d3, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.051] GetProcessHeap () returned 0x4b0000 [0057.051] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.051] GetProcessHeap () returned 0x4b0000 [0057.051] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.051] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1086\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7a2268a, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x7abb0bc, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x7abb0bc, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.051] GetProcessHeap () returned 0x4b0000 [0057.052] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.052] GetProcessHeap () returned 0x4b0000 [0057.052] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.052] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1087\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6355df6, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x6355df6, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6355df6, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0057.052] GetProcessHeap () returned 0x4b0000 [0057.052] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.052] GetProcessHeap () returned 0x4b0000 [0057.052] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.052] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\1110\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf61fd8b4, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf61fd8b4, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf61fd8b4, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.053] GetProcessHeap () returned 0x4b0000 [0057.053] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.053] GetProcessHeap () returned 0x4b0000 [0057.053] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.053] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\2052\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfc47ce76, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfc47ce76, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfc47ce76, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0057.053] GetProcessHeap () returned 0x4b0000 [0057.053] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.053] GetProcessHeap () returned 0x4b0000 [0057.053] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.053] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\2070\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1c40a24, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf1c40a24, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf1c40a24, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0057.054] GetProcessHeap () returned 0x4b0000 [0057.054] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.054] GetProcessHeap () returned 0x4b0000 [0057.054] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.054] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\2074\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf17ee5c3, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf17ee5c3, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf17ee5c3, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.054] GetProcessHeap () returned 0x4b0000 [0057.054] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.054] GetProcessHeap () returned 0x4b0000 [0057.054] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.054] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\3082\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf6354def, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf6354def, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6354def, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.054] GetProcessHeap () returned 0x4b0000 [0057.054] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.054] GetProcessHeap () returned 0x4b0000 [0057.054] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.054] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\Resources\\9242\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67ce4b2, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x67ce4b2, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x67ce4b2, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.055] GetProcessHeap () returned 0x4b0000 [0057.055] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.055] GetProcessHeap () returned 0x4b0000 [0057.055] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.055] GetProcessHeap () returned 0x4b0000 [0057.055] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.056] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\ro\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefee59ce, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1681b941, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1681b941, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.058] GetProcessHeap () returned 0x4b0000 [0057.058] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.058] GetProcessHeap () returned 0x4b0000 [0057.058] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.058] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\ru\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeff31e88, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1681b941, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1681b941, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.059] GetProcessHeap () returned 0x4b0000 [0057.059] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.059] GetProcessHeap () returned 0x4b0000 [0057.059] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.059] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\sk\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeff580e7, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1681b941, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1681b941, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.061] GetProcessHeap () returned 0x4b0000 [0057.061] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.061] GetProcessHeap () returned 0x4b0000 [0057.061] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.061] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\sl\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefe99511, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1681b941, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1681b941, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.063] GetProcessHeap () returned 0x4b0000 [0057.063] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.063] GetProcessHeap () returned 0x4b0000 [0057.063] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.063] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\sr-cyrl\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1b5bbeb, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1681b941, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1681b941, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0057.064] GetProcessHeap () returned 0x4b0000 [0057.064] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.064] GetProcessHeap () returned 0x4b0000 [0057.064] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.064] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\sr-latn\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0089415, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1681b941, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1681b941, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0057.069] GetProcessHeap () returned 0x4b0000 [0057.069] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.069] GetProcessHeap () returned 0x4b0000 [0057.069] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.069] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\sr-Latn-CS\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0063153, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1681b941, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1681b941, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0057.071] GetProcessHeap () returned 0x4b0000 [0057.071] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.071] GetProcessHeap () returned 0x4b0000 [0057.071] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.071] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\sv\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf02eb98a, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1681b941, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1681b941, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.072] GetProcessHeap () returned 0x4b0000 [0057.072] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.072] GetProcessHeap () returned 0x4b0000 [0057.072] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.072] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\th\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefebf763, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16841bb6, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16841bb6, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0057.075] GetProcessHeap () returned 0x4b0000 [0057.075] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.075] GetProcessHeap () returned 0x4b0000 [0057.075] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.075] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\tr\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1c40a24, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16867e02, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16867e02, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.077] GetProcessHeap () returned 0x4b0000 [0057.077] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.077] GetProcessHeap () returned 0x4b0000 [0057.077] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.077] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\uk\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1565dae, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16841bb6, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16841bb6, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.078] GetProcessHeap () returned 0x4b0000 [0057.078] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.078] GetProcessHeap () returned 0x4b0000 [0057.078] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.078] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\vi\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf164abda, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16841bb6, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16841bb6, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.080] GetProcessHeap () returned 0x4b0000 [0057.080] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.080] GetProcessHeap () returned 0x4b0000 [0057.080] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.080] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\zh-CHS\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefebf763, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16841bb6, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16841bb6, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0057.082] GetProcessHeap () returned 0x4b0000 [0057.082] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.082] GetProcessHeap () returned 0x4b0000 [0057.082] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.082] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\PowerPivot Excel Add-in\\zh-CHT\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1ae94c9, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x16841bb6, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x16841bb6, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.084] GetProcessHeap () returned 0x4b0000 [0057.084] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.084] GetProcessHeap () returned 0x4b0000 [0057.084] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.085] GetProcessHeap () returned 0x4b0000 [0057.085] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.085] GetProcessHeap () returned 0x4b0000 [0057.085] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.085] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Bibliography\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc2ad8211, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x17728794, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x17728794, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.086] GetProcessHeap () returned 0x4b0000 [0057.086] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.086] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Bibliography\\Sort\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x176dc2d0, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x17774bfd, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x17774bfd, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0057.087] GetProcessHeap () returned 0x4b0000 [0057.087] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.087] GetProcessHeap () returned 0x4b0000 [0057.087] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.087] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Bibliography\\Style\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc2ad8211, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xc38b3c05, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xc3bd4d47, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.089] GetProcessHeap () returned 0x4b0000 [0057.089] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.089] GetProcessHeap () returned 0x4b0000 [0057.089] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.090] GetProcessHeap () returned 0x4b0000 [0057.090] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.090] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\BORDERS\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeda173cc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x17774bfd, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x17774bfd, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0057.093] GetProcessHeap () returned 0x4b0000 [0057.093] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.093] GetProcessHeap () returned 0x4b0000 [0057.093] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.093] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Configuration\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeda173cc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1774e9ab, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1774e9ab, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0057.095] GetProcessHeap () returned 0x4b0000 [0057.095] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.096] GetProcessHeap () returned 0x4b0000 [0057.096] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.096] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\CONVERT\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xec4ee541, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6e5cc4e, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6e5cc4e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0057.097] GetProcessHeap () returned 0x4b0000 [0057.097] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.097] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\CONVERT\\1033\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xec4ee541, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf477755d, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf4cd4a32, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.099] GetProcessHeap () returned 0x4b0000 [0057.099] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.099] GetProcessHeap () returned 0x4b0000 [0057.099] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.100] GetProcessHeap () returned 0x4b0000 [0057.100] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.100] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Document Parts\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4d9058b, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xc4d9058b, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xc4d9058b, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.101] GetProcessHeap () returned 0x4b0000 [0057.101] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.101] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Document Parts\\1033\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4d9058b, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xc4d9058b, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xc4d9058b, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.102] GetProcessHeap () returned 0x4b0000 [0057.102] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.102] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Document Parts\\1033\\16\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4d9058b, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xc4d9058b, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xc4db6809, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0057.102] GetProcessHeap () returned 0x4b0000 [0057.102] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.103] GetProcessHeap () returned 0x4b0000 [0057.103] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.103] GetProcessHeap () returned 0x4b0000 [0057.103] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.115] GetProcessHeap () returned 0x4b0000 [0057.115] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.115] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\FORMS\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca90ec5a, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xca90ec5a, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xca90ec5a, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.115] GetProcessHeap () returned 0x4b0000 [0057.115] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.116] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\FORMS\\1033\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca90ec5a, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xeb548de7, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xeff0bc27, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0057.120] GetProcessHeap () returned 0x4b0000 [0057.120] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.120] GetProcessHeap () returned 0x4b0000 [0057.120] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.120] GetProcessHeap () returned 0x4b0000 [0057.121] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.121] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeda173cc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x197a4903, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x197a4903, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b30 [0057.122] GetProcessHeap () returned 0x4b0000 [0057.122] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.122] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\Certificates\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ff3259, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x186355ca, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x186355ca, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.122] GetProcessHeap () returned 0x4b0000 [0057.122] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.123] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\Certificates\\groove.net\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x186355ca, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x1b0f9971, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1b0f9971, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.123] GetProcessHeap () returned 0x4b0000 [0057.123] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.123] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\Certificates\\groove.net\\Components\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18aadbcf, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x18aadbcf, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x18aadbcf, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.125] GetProcessHeap () returned 0x4b0000 [0057.125] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.125] GetProcessHeap () returned 0x4b0000 [0057.125] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.125] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\Certificates\\groove.net\\ManagedObjects\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1b0f9971, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x1b0f9971, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1b0f9971, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.128] GetProcessHeap () returned 0x4b0000 [0057.128] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.128] GetProcessHeap () returned 0x4b0000 [0057.128] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.128] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\Certificates\\groove.net\\Servers\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x186355ca, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x18681a5c, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x18681a5c, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0057.128] GetProcessHeap () returned 0x4b0000 [0057.128] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.129] GetProcessHeap () returned 0x4b0000 [0057.129] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.129] GetProcessHeap () returned 0x4b0000 [0057.129] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.130] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\Certificates\\Verisign\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x186355ca, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x1865b8d4, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1865b8d4, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0057.130] GetProcessHeap () returned 0x4b0000 [0057.130] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.130] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\Certificates\\Verisign\\Components\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1865b8d4, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x1b0f9971, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1b0f9971, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.132] GetProcessHeap () returned 0x4b0000 [0057.132] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.133] GetProcessHeap () returned 0x4b0000 [0057.133] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.133] GetProcessHeap () returned 0x4b0000 [0057.133] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.133] GetProcessHeap () returned 0x4b0000 [0057.133] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.133] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\Sounds\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18681a5c, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x18ad3e4a, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x18ad3e4a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0057.133] GetProcessHeap () returned 0x4b0000 [0057.133] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.134] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\Sounds\\People\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18a3b641, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x197321ed, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x197321ed, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.136] GetProcessHeap () returned 0x4b0000 [0057.136] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.136] GetProcessHeap () returned 0x4b0000 [0057.136] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.136] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\Sounds\\Places\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18ad3e4a, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x1907d846, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1907d846, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0057.139] GetProcessHeap () returned 0x4b0000 [0057.139] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.139] GetProcessHeap () returned 0x4b0000 [0057.139] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.139] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\Sounds\\Things\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18ad3e4a, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x1bc991c1, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1bc991c1, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0057.142] GetProcessHeap () returned 0x4b0000 [0057.142] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.142] GetProcessHeap () returned 0x4b0000 [0057.142] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.142] GetProcessHeap () returned 0x4b0000 [0057.142] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.143] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\ToolBMPs\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1907d846, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x1b6c9560, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1b6c9560, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.147] GetProcessHeap () returned 0x4b0000 [0057.147] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.147] GetProcessHeap () returned 0x4b0000 [0057.147] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.147] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\ToolData\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x197a4903, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x197a4903, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x197a4903, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.147] GetProcessHeap () returned 0x4b0000 [0057.147] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.148] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\ToolData\\groove.net\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x197a4903, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x1983d259, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1983d259, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0057.148] GetProcessHeap () returned 0x4b0000 [0057.148] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.148] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\ToolData\\groove.net\\CommonData\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x197a4903, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x198afa29, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x198afa29, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0057.152] GetProcessHeap () returned 0x4b0000 [0057.152] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.152] GetProcessHeap () returned 0x4b0000 [0057.152] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.152] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\ToolData\\groove.net\\Computers\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1983d259, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x198634b7, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x198634b7, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.153] GetProcessHeap () returned 0x4b0000 [0057.153] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.153] GetProcessHeap () returned 0x4b0000 [0057.153] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.153] GetProcessHeap () returned 0x4b0000 [0057.153] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.153] GetProcessHeap () returned 0x4b0000 [0057.153] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.153] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Groove\\ToolIcons\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf073ddf4, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x86a6c5d, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x86a6c5d, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.156] GetProcessHeap () returned 0x4b0000 [0057.156] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.156] GetProcessHeap () returned 0x4b0000 [0057.156] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.157] GetProcessHeap () returned 0x4b0000 [0057.157] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.157] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Library\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeda173cc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x19889710, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x19889710, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0057.157] GetProcessHeap () returned 0x4b0000 [0057.157] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.157] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Library\\Analysis\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf12b7378, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xafa146a, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xafa146a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cb0 [0057.159] GetProcessHeap () returned 0x4b0000 [0057.159] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.160] GetProcessHeap () returned 0x4b0000 [0057.160] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.160] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Library\\SOLVER\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf41a796b, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf41a796b, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xafa146a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.160] GetProcessHeap () returned 0x4b0000 [0057.160] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.160] GetProcessHeap () returned 0x4b0000 [0057.160] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.160] GetProcessHeap () returned 0x4b0000 [0057.160] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.160] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\LogoImages\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeda173cc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1b27715c, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1b27715c, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0057.201] GetProcessHeap () returned 0x4b0000 [0057.201] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.203] GetProcessHeap () returned 0x4b0000 [0057.203] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.203] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Media\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeda173cc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1b22ac67, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1b22ac67, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0057.207] GetProcessHeap () returned 0x4b0000 [0057.207] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.209] GetProcessHeap () returned 0x4b0000 [0057.209] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.209] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeda173cc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1b3a83c3, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1b3a83c3, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.210] GetProcessHeap () returned 0x4b0000 [0057.210] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.210] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\ar\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf99462e6, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf99462e6, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf99462e6, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0057.210] GetProcessHeap () returned 0x4b0000 [0057.210] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.210] GetProcessHeap () returned 0x4b0000 [0057.210] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.210] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\bg\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6dea551, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x6dea551, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6dea551, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b30 [0057.211] GetProcessHeap () returned 0x4b0000 [0057.211] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.211] GetProcessHeap () returned 0x4b0000 [0057.211] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.211] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\ca\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x56853a0, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x56853a0, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x56853a0, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.212] GetProcessHeap () returned 0x4b0000 [0057.212] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.212] GetProcessHeap () returned 0x4b0000 [0057.212] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.212] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\cs\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf803d796, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf803d796, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf803d796, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.212] GetProcessHeap () returned 0x4b0000 [0057.212] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.212] GetProcessHeap () returned 0x4b0000 [0057.212] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.212] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\da\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6165f55, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x6165f55, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6165f55, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.213] GetProcessHeap () returned 0x4b0000 [0057.213] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.213] GetProcessHeap () returned 0x4b0000 [0057.213] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.213] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\de\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6224b6a, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x6224b6a, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6224b6a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.213] GetProcessHeap () returned 0x4b0000 [0057.213] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.213] GetProcessHeap () returned 0x4b0000 [0057.213] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.213] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\el\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeff0bc27, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xeff0bc27, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xeff31e88, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0057.213] GetProcessHeap () returned 0x4b0000 [0057.213] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.213] GetProcessHeap () returned 0x4b0000 [0057.213] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.213] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\en-us\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf5a3de35, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf5a3de35, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf5a3de35, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.215] GetProcessHeap () returned 0x4b0000 [0057.215] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.215] GetProcessHeap () returned 0x4b0000 [0057.215] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.215] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\es\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfcb7dd00, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfcb7dd00, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfcb7dd00, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.216] GetProcessHeap () returned 0x4b0000 [0057.216] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.216] GetProcessHeap () returned 0x4b0000 [0057.216] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.216] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\et\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fd9ab, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x7fd9ab, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x7fd9ab, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.216] GetProcessHeap () returned 0x4b0000 [0057.216] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.217] GetProcessHeap () returned 0x4b0000 [0057.217] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.217] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\eu\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37869c8, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x37869c8, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x37869c8, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c70 [0057.217] GetProcessHeap () returned 0x4b0000 [0057.217] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.217] GetProcessHeap () returned 0x4b0000 [0057.217] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.217] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\fi\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfc53b9f9, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfc53b9f9, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfc53b9f9, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b30 [0057.217] GetProcessHeap () returned 0x4b0000 [0057.217] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.217] GetProcessHeap () returned 0x4b0000 [0057.217] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.217] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\fr\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fd9ab, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x7fd9ab, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x7fd9ab, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.218] GetProcessHeap () returned 0x4b0000 [0057.218] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.218] GetProcessHeap () returned 0x4b0000 [0057.218] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.218] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\gl\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa178468, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfa178468, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfa178468, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.219] GetProcessHeap () returned 0x4b0000 [0057.219] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.219] GetProcessHeap () returned 0x4b0000 [0057.219] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.219] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\he\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf618b1a4, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf618b1a4, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf618b1a4, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0057.219] GetProcessHeap () returned 0x4b0000 [0057.219] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.220] GetProcessHeap () returned 0x4b0000 [0057.220] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.220] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\hi\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x56853a0, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x56853a0, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x56853a0, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c70 [0057.220] GetProcessHeap () returned 0x4b0000 [0057.220] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.220] GetProcessHeap () returned 0x4b0000 [0057.220] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.220] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\hr\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf480feb5, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf480feb5, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf480feb5, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0057.221] GetProcessHeap () returned 0x4b0000 [0057.221] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.221] GetProcessHeap () returned 0x4b0000 [0057.221] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.221] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\hu\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4646280, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf4646280, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf4646280, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.221] GetProcessHeap () returned 0x4b0000 [0057.221] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.221] GetProcessHeap () returned 0x4b0000 [0057.221] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.221] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\id\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63a229e, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x63a229e, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x63a229e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.222] GetProcessHeap () returned 0x4b0000 [0057.222] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.222] GetProcessHeap () returned 0x4b0000 [0057.222] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.222] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\it\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59b433, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x59b433, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x59b433, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0057.222] GetProcessHeap () returned 0x4b0000 [0057.222] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.222] GetProcessHeap () returned 0x4b0000 [0057.223] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.223] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\ja\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6aef645, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x6aef645, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6aef645, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.223] GetProcessHeap () returned 0x4b0000 [0057.223] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.223] GetProcessHeap () returned 0x4b0000 [0057.223] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.223] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\kk\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6781ff8, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x6781ff8, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x67a8250, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0057.224] GetProcessHeap () returned 0x4b0000 [0057.224] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.224] GetProcessHeap () returned 0x4b0000 [0057.224] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.224] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\ko\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5f9c329, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x5f9c329, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x5f9c329, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.224] GetProcessHeap () returned 0x4b0000 [0057.224] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.224] GetProcessHeap () returned 0x4b0000 [0057.224] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.224] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\lt\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1bce2f5, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf1bce2f5, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf1bf45a7, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.224] GetProcessHeap () returned 0x4b0000 [0057.224] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.224] GetProcessHeap () returned 0x4b0000 [0057.224] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.225] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\lv\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf13037fa, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf13037fa, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf13037fa, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.225] GetProcessHeap () returned 0x4b0000 [0057.225] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.226] GetProcessHeap () returned 0x4b0000 [0057.226] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.226] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\ms\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfc21a8ad, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfc21a8ad, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfc21a8ad, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.226] GetProcessHeap () returned 0x4b0000 [0057.226] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.226] GetProcessHeap () returned 0x4b0000 [0057.226] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.226] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\nl\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaf2dd35, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfaf2dd35, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfaf2dd35, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.227] GetProcessHeap () returned 0x4b0000 [0057.227] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.227] GetProcessHeap () returned 0x4b0000 [0057.227] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.227] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\no\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xffe01c35, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xffe01c35, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xffe01c35, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.227] GetProcessHeap () returned 0x4b0000 [0057.228] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.228] GetProcessHeap () returned 0x4b0000 [0057.228] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.228] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\pl\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x68ff786, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x68ff786, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x69259a9, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.228] GetProcessHeap () returned 0x4b0000 [0057.228] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.228] GetProcessHeap () returned 0x4b0000 [0057.228] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.228] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\pt\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfc2b31ff, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfc2b31ff, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfc2b31ff, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.229] GetProcessHeap () returned 0x4b0000 [0057.229] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.229] GetProcessHeap () returned 0x4b0000 [0057.229] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.229] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\pt-BR\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x386b77a, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x386b77a, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x386b77a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.230] GetProcessHeap () returned 0x4b0000 [0057.230] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.230] GetProcessHeap () returned 0x4b0000 [0057.230] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.230] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\ro\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4903b8, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x4903b8, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x4903b8, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0057.230] GetProcessHeap () returned 0x4b0000 [0057.230] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.230] GetProcessHeap () returned 0x4b0000 [0057.230] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.230] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\ru\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x86a6c5d, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x86a6c5d, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x86a6c5d, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.230] GetProcessHeap () returned 0x4b0000 [0057.230] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.230] GetProcessHeap () returned 0x4b0000 [0057.231] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.231] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\sk\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67a8250, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x67a8250, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x67a8250, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cb0 [0057.231] GetProcessHeap () returned 0x4b0000 [0057.231] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.231] GetProcessHeap () returned 0x4b0000 [0057.231] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.231] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\sl\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6a7cf13, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x6a7cf13, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6a7cf13, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.231] GetProcessHeap () returned 0x4b0000 [0057.231] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.231] GetProcessHeap () returned 0x4b0000 [0057.231] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.231] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\sr-Cyrl-BA\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1565dae, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf1565dae, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf1565dae, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.231] GetProcessHeap () returned 0x4b0000 [0057.232] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.232] GetProcessHeap () returned 0x4b0000 [0057.232] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.232] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\sr-Cyrl-CS\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf443017d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf443017d, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf44563cd, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0057.232] GetProcessHeap () returned 0x4b0000 [0057.232] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.232] GetProcessHeap () returned 0x4b0000 [0057.232] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.232] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\sr-Latn-CS\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1ae94c9, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf1ae94c9, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf1ae94c9, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.233] GetProcessHeap () returned 0x4b0000 [0057.233] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.233] GetProcessHeap () returned 0x4b0000 [0057.233] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.233] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\sv\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf6354def, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf6354def, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6354def, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.233] GetProcessHeap () returned 0x4b0000 [0057.233] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.233] GetProcessHeap () returned 0x4b0000 [0057.233] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.233] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\th\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb67b102, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfb67b102, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfb6ed802, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.234] GetProcessHeap () returned 0x4b0000 [0057.234] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.234] GetProcessHeap () returned 0x4b0000 [0057.234] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.234] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\tr\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfc53b9f9, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfc53b9f9, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfc53b9f9, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.234] GetProcessHeap () returned 0x4b0000 [0057.234] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.234] GetProcessHeap () returned 0x4b0000 [0057.234] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.234] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\uk\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf80d6078, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf80d6078, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf80d6078, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0057.235] GetProcessHeap () returned 0x4b0000 [0057.235] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.235] GetProcessHeap () returned 0x4b0000 [0057.235] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.235] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\vi\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c46ba0, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x6c46ba0, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6c46ba0, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.237] GetProcessHeap () returned 0x4b0000 [0057.237] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.237] GetProcessHeap () returned 0x4b0000 [0057.237] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.237] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\zh-CN\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfc40a725, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfc40a725, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfc40a725, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.238] GetProcessHeap () returned 0x4b0000 [0057.238] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.238] GetProcessHeap () returned 0x4b0000 [0057.238] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.238] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\MSIPC\\zh-TW\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x659fb9, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x659fb9, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x659fb9, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.238] GetProcessHeap () returned 0x4b0000 [0057.238] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.238] GetProcessHeap () returned 0x4b0000 [0057.238] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.241] GetProcessHeap () returned 0x4b0000 [0057.241] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.242] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\OneNote\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeda173cc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1c8ab024, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1c8ab024, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.243] GetProcessHeap () returned 0x4b0000 [0057.243] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.244] GetProcessHeap () returned 0x4b0000 [0057.244] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.244] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\OutlookAutoDiscover\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeda173cc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1fc86400, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1fc86400, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0057.265] GetProcessHeap () returned 0x4b0000 [0057.265] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.265] GetProcessHeap () returned 0x4b0000 [0057.265] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.265] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\PAGESIZE\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcc348b22, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1fc39fa2, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x1fc39fa2, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0057.269] GetProcessHeap () returned 0x4b0000 [0057.269] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.269] GetProcessHeap () returned 0x4b0000 [0057.269] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.269] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\PROOF\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc39bed4a, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xb0d2731, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xb0d2731, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.271] GetProcessHeap () returned 0x4b0000 [0057.271] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.271] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\PROOF\\1033\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc52c782a, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xc52c782a, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xc52c782a, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0057.272] GetProcessHeap () returned 0x4b0000 [0057.272] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.272] GetProcessHeap () returned 0x4b0000 [0057.272] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.272] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\PROOF\\1036\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf318faf5, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf318faf5, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf31b5d3e, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.272] GetProcessHeap () returned 0x4b0000 [0057.272] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.272] GetProcessHeap () returned 0x4b0000 [0057.272] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.272] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\PROOF\\3082\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe34d5ed4, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xe34d5ed4, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xe34d5ed4, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.272] GetProcessHeap () returned 0x4b0000 [0057.272] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.273] GetProcessHeap () returned 0x4b0000 [0057.273] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.273] GetProcessHeap () returned 0x4b0000 [0057.273] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.273] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\PUBBA\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeda173cc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x246bb96e, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x246bb96e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0057.276] GetProcessHeap () returned 0x4b0000 [0057.276] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.276] GetProcessHeap () returned 0x4b0000 [0057.276] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.276] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\PUBWIZ\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcc3bb225, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x241382dc, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x241382dc, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0057.283] GetProcessHeap () returned 0x4b0000 [0057.283] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.284] GetProcessHeap () returned 0x4b0000 [0057.284] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.284] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\QUERIES\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeda173cc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xeda173cc, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xeda173cc, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0057.284] GetProcessHeap () returned 0x4b0000 [0057.284] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.284] GetProcessHeap () returned 0x4b0000 [0057.284] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.284] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\SAMPLES\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeda173cc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xeda173cc, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xb48c20e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0057.285] GetProcessHeap () returned 0x4b0000 [0057.285] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.285] GetProcessHeap () returned 0x4b0000 [0057.285] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.285] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\STARTUP\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeda173cc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xeda173cc, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xeda173cc, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0057.285] GetProcessHeap () returned 0x4b0000 [0057.285] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.286] GetProcessHeap () returned 0x4b0000 [0057.286] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.286] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Visio Content\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa326fd, ftCreationTime.dwHighDateTime=0x1d47c32, ftLastAccessTime.dwLowDateTime=0xa326fd, ftLastAccessTime.dwHighDateTime=0x1d47c32, ftLastWriteTime.dwLowDateTime=0xa326fd, ftLastWriteTime.dwHighDateTime=0x1d47c32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.287] GetProcessHeap () returned 0x4b0000 [0057.287] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.288] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\Visio Content\\1033\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa326fd, ftCreationTime.dwHighDateTime=0x1d47c32, ftLastAccessTime.dwLowDateTime=0x4cce0ca, ftLastAccessTime.dwHighDateTime=0x1d47c32, ftLastWriteTime.dwLowDateTime=0x4cce0ca, ftLastWriteTime.dwHighDateTime=0x1d47c32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0057.355] GetProcessHeap () returned 0x4b0000 [0057.355] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.355] GetProcessHeap () returned 0x4b0000 [0057.355] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.356] GetProcessHeap () returned 0x4b0000 [0057.356] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.356] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\XLSTART\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeda173cc, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xeda173cc, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xeda173cc, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0057.356] GetProcessHeap () returned 0x4b0000 [0057.356] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.356] GetProcessHeap () returned 0x4b0000 [0057.356] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0057.357] GetProcessHeap () returned 0x4b0000 [0057.357] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.357] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\rsod\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8396fbd3, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x3b1a0d3d, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3b1a0d3d, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.362] GetProcessHeap () returned 0x4b0000 [0057.362] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.362] GetProcessHeap () returned 0x4b0000 [0057.363] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.363] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Stationery\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee45f66d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xb48c20e, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xb48c20e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.363] GetProcessHeap () returned 0x4b0000 [0057.363] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0057.363] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Stationery\\1033\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb48c20e, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xb6099da, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xb6099da, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c70 [0057.371] GetProcessHeap () returned 0x4b0000 [0057.371] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0057.371] GetProcessHeap () returned 0x4b0000 [0057.371] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.371] GetProcessHeap () returned 0x4b0000 [0057.371] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.372] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Templates\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee45f66d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xeb2fdc25, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xeb2fdc25, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0057.372] GetProcessHeap () returned 0x4b0000 [0057.372] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0057.372] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Templates\\1033\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb571036, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x3c29db74, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3c29db74, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0057.375] GetProcessHeap () returned 0x4b0000 [0057.375] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.375] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Templates\\1033\\Access\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb5972d3, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xb5bd4f1, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xb5bd4f1, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0057.376] GetProcessHeap () returned 0x4b0000 [0057.376] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.377] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Templates\\1033\\Access\\DataType\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb5972d3, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xb62fbf7, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xb62fbf7, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0057.379] GetProcessHeap () returned 0x4b0000 [0057.379] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.379] GetProcessHeap () returned 0x4b0000 [0057.379] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.379] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Templates\\1033\\Access\\Part\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb5bd4f1, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xb6a2342, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xb6a2342, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0057.429] GetProcessHeap () returned 0x4b0000 [0057.429] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.429] GetProcessHeap () returned 0x4b0000 [0057.429] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.429] GetProcessHeap () returned 0x4b0000 [0057.430] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.430] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Templates\\1033\\GettingStarted16\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2e332373, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x2e332373, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x2e332373, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0057.434] GetProcessHeap () returned 0x4b0000 [0057.434] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.435] GetProcessHeap () returned 0x4b0000 [0057.435] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.435] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Templates\\1033\\ONENOTE\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb760eed, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xb760eed, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xb760eed, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.435] GetProcessHeap () returned 0x4b0000 [0057.435] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.436] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Templates\\1033\\ONENOTE\\16\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb760eed, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xb760eed, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xb760eed, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0057.436] GetProcessHeap () returned 0x4b0000 [0057.436] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.436] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Templates\\1033\\ONENOTE\\16\\Notebook Templates\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb760eed, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xb760eed, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xb760eed, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.437] GetProcessHeap () returned 0x4b0000 [0057.437] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.437] GetProcessHeap () returned 0x4b0000 [0057.437] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.437] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Templates\\1033\\ONENOTE\\16\\Stationery\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb760eed, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xb7ad38b, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xb81fa9e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0057.437] GetProcessHeap () returned 0x4b0000 [0057.437] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.437] GetProcessHeap () returned 0x4b0000 [0057.437] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.438] GetProcessHeap () returned 0x4b0000 [0057.438] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.438] GetProcessHeap () returned 0x4b0000 [0057.438] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0057.439] GetProcessHeap () returned 0x4b0000 [0057.439] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0057.439] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Templates\\Presentation Designs\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x24517fc9, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x24517fc9, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x24517fc9, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0057.440] GetProcessHeap () returned 0x4b0000 [0057.440] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0057.440] GetProcessHeap () returned 0x4b0000 [0057.440] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ea0048 | out: hHeap=0x4b0000) returned 1 [0057.441] GetProcessHeap () returned 0x4b0000 [0057.441] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ea0048 [0057.441] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\*", lpFindFileData=0xe9eb38 | out: lpFindFileData=0xe9eb38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x845a7d02, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xeb2fdc25, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xeb2fdc25, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05eb0 [0057.441] GetProcessHeap () returned 0x4b0000 [0057.441] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0057.441] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\Common AppData\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x845a7d02, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xaf31749c, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0xaf31749c, ftLastWriteTime.dwHighDateTime=0x1d47c31, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0057.444] GetProcessHeap () returned 0x4b0000 [0057.444] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.444] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\Common AppData\\Microsoft\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf9f15ef0, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xaf31749c, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x5a112a2, ftLastWriteTime.dwHighDateTime=0x1d47c32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.445] GetProcessHeap () returned 0x4b0000 [0057.445] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.445] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\Common AppData\\Microsoft\\OFFICE\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf9f15ef0, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x381f2dc, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x2e2e5eac, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0057.447] GetProcessHeap () returned 0x4b0000 [0057.447] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.447] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\Common AppData\\Microsoft\\OFFICE\\Heartbeat\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2e2e5eac, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x2e2e5eac, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x2e2e5eac, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.447] GetProcessHeap () returned 0x4b0000 [0057.447] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.447] GetProcessHeap () returned 0x4b0000 [0057.447] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.448] GetProcessHeap () returned 0x4b0000 [0057.448] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.448] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\Common AppData\\Microsoft\\VISIO\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a112a2, ftCreationTime.dwHighDateTime=0x1d47c32, ftLastAccessTime.dwLowDateTime=0x5a112a2, ftLastAccessTime.dwHighDateTime=0x1d47c32, ftLastWriteTime.dwLowDateTime=0x5a112a2, ftLastWriteTime.dwHighDateTime=0x1d47c32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0057.449] GetProcessHeap () returned 0x4b0000 [0057.449] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.449] GetProcessHeap () returned 0x4b0000 [0057.449] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.450] GetProcessHeap () returned 0x4b0000 [0057.450] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.450] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\Common AppData\\Microsoft Help\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecf3682d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x3b809370, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3b809370, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.453] GetProcessHeap () returned 0x4b0000 [0057.453] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.453] GetProcessHeap () returned 0x4b0000 [0057.453] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0057.453] GetProcessHeap () returned 0x4b0000 [0057.454] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0057.454] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\Common Programs\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x845a7d02, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x3c29db74, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3c29db74, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.455] GetProcessHeap () returned 0x4b0000 [0057.455] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.457] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\Common Programs\\Microsoft Office 2016 Tools\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x24517fc9, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xeb2fdc25, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0x3c29db74, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0057.460] GetProcessHeap () returned 0x4b0000 [0057.460] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.460] GetProcessHeap () returned 0x4b0000 [0057.460] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0057.461] GetProcessHeap () returned 0x4b0000 [0057.461] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0057.461] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\Fonts\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x845a7d02, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x868ac6fd, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x868ac6fd, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.461] GetProcessHeap () returned 0x4b0000 [0057.461] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.462] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\Fonts\\private\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x868ac6fd, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x8913323b, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x8913323b, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.484] GetProcessHeap () returned 0x4b0000 [0057.484] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.484] GetProcessHeap () returned 0x4b0000 [0057.484] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0057.485] GetProcessHeap () returned 0x4b0000 [0057.485] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0057.486] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x845a7d02, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xaf31749c, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0xaf31749c, ftLastWriteTime.dwHighDateTime=0x1d47c31, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0057.486] GetProcessHeap () returned 0x4b0000 [0057.486] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.486] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\DESIGNER\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb975fdf, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfb975fdf, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfb975fdf, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bf0 [0057.487] GetProcessHeap () returned 0x4b0000 [0057.487] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.487] GetProcessHeap () returned 0x4b0000 [0057.487] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.487] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x868ac6fd, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x52ea133, ftLastAccessTime.dwHighDateTime=0x1d47c32, ftLastWriteTime.dwLowDateTime=0x52ea133, ftLastWriteTime.dwHighDateTime=0x1d47c32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0057.487] GetProcessHeap () returned 0x4b0000 [0057.487] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.488] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\DW\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf477755d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x246bb96e, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x246bb96e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.490] GetProcessHeap () returned 0x4b0000 [0057.490] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.490] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\DW\\1033\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf477755d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf477755d, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf47e9c8f, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.491] GetProcessHeap () returned 0x4b0000 [0057.491] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.491] GetProcessHeap () returned 0x4b0000 [0057.491] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.491] GetProcessHeap () returned 0x4b0000 [0057.491] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.492] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\EQUATION\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x868ac6fd, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xb976f98, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xb976f98, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.493] GetProcessHeap () returned 0x4b0000 [0057.493] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.493] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\EQUATION\\1033\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4620012, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf4620012, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf4620012, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.494] GetProcessHeap () returned 0x4b0000 [0057.494] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.494] GetProcessHeap () returned 0x4b0000 [0057.494] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.495] GetProcessHeap () returned 0x4b0000 [0057.495] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.495] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\EURO\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf99b89f6, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf99b89f6, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf99b89f6, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.495] GetProcessHeap () returned 0x4b0000 [0057.495] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.495] GetProcessHeap () returned 0x4b0000 [0057.495] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.495] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Filters\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2ca2e08, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x14c6cb9, ftLastAccessTime.dwHighDateTime=0x1d47c32, ftLastWriteTime.dwLowDateTime=0x14c6cb9, ftLastWriteTime.dwHighDateTime=0x1d47c32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0057.496] GetProcessHeap () returned 0x4b0000 [0057.496] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.496] GetProcessHeap () returned 0x4b0000 [0057.496] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.496] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\GRPHFLT\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2e1f46, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xb976f98, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xb976f98, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.498] GetProcessHeap () returned 0x4b0000 [0057.498] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.498] GetProcessHeap () returned 0x4b0000 [0057.498] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.498] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Help\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf12910b6, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x26737b32, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x26737b32, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.500] GetProcessHeap () returned 0x4b0000 [0057.500] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.500] GetProcessHeap () returned 0x4b0000 [0057.500] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.500] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\MSClientDataMgr\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf472b09c, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf472b09c, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf472b09c, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.501] GetProcessHeap () returned 0x4b0000 [0057.501] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.501] GetProcessHeap () returned 0x4b0000 [0057.501] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.501] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc2803429, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x26bb01a9, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x26bb01a9, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.502] GetProcessHeap () returned 0x4b0000 [0057.502] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.502] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\1033\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc541ed37, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xb99d23b, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xb99d23b, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0057.503] GetProcessHeap () returned 0x4b0000 [0057.503] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.503] GetProcessHeap () returned 0x4b0000 [0057.503] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.503] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc461cf97, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xc461cf97, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xc461cf97, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.504] GetProcessHeap () returned 0x4b0000 [0057.504] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.504] GetProcessHeap () returned 0x4b0000 [0057.504] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.504] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\DataModel\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefe99511, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x24bcc96d, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x24bcc96d, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.505] GetProcessHeap () returned 0x4b0000 [0057.505] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ec0058 [0057.506] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\DataModel\\Cartridges\\*", lpFindFileData=0xe9de68 | out: lpFindFileData=0xe9de68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x24bcc96d, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x24d70354, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x24d70354, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0057.508] GetProcessHeap () returned 0x4b0000 [0057.508] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ec0058 | out: hHeap=0x4b0000) returned 1 [0057.508] GetProcessHeap () returned 0x4b0000 [0057.508] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ec0058 [0057.508] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\DataModel\\Resources\\*", lpFindFileData=0xe9de68 | out: lpFindFileData=0xe9de68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4befc00, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf4befc00, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf4befc00, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.509] GetProcessHeap () returned 0x4b0000 [0057.509] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ed0060 [0057.509] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\DataModel\\Resources\\1033\\*", lpFindFileData=0xe9dbd8 | out: lpFindFileData=0xe9dbd8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4befc00, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf4befc00, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf4befc00, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.509] GetProcessHeap () returned 0x4b0000 [0057.509] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ed0060 | out: hHeap=0x4b0000) returned 1 [0057.509] GetProcessHeap () returned 0x4b0000 [0057.509] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ec0058 | out: hHeap=0x4b0000) returned 1 [0057.509] GetProcessHeap () returned 0x4b0000 [0057.510] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.510] GetProcessHeap () returned 0x4b0000 [0057.510] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.511] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\en-us\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc2803429, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xc2803429, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xc2803429, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0057.511] GetProcessHeap () returned 0x4b0000 [0057.511] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.511] GetProcessHeap () returned 0x4b0000 [0057.511] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.511] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Office Setup Controller\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef915def, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xef915def, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xef915def, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.512] GetProcessHeap () returned 0x4b0000 [0057.512] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ec0058 [0057.512] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Office Setup Controller\\Office.en-us\\*", lpFindFileData=0xe9de68 | out: lpFindFileData=0xe9de68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef915def, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xc8aa06f, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xc8f6526, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0057.513] GetProcessHeap () returned 0x4b0000 [0057.513] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ec0058 | out: hHeap=0x4b0000) returned 1 [0057.513] GetProcessHeap () returned 0x4b0000 [0057.513] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.513] GetProcessHeap () returned 0x4b0000 [0057.513] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.514] GetProcessHeap () returned 0x4b0000 [0057.514] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.514] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\PROOF\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x16be2c7, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xc8d02b2, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xc8d02b2, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.515] GetProcessHeap () returned 0x4b0000 [0057.515] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.515] GetProcessHeap () returned 0x4b0000 [0057.515] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.515] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Smart Tag\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc576616a, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x26bd6427, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x26bd6427, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.517] GetProcessHeap () returned 0x4b0000 [0057.517] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.517] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Smart Tag\\1033\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf07b04e4, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf07b04e4, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xc8aa06f, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.517] GetProcessHeap () returned 0x4b0000 [0057.517] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.517] GetProcessHeap () returned 0x4b0000 [0057.517] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.517] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Smart Tag\\LISTS\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc883e0d, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x26bd6427, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x26bd6427, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.532] GetProcessHeap () returned 0x4b0000 [0057.532] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ec0058 [0057.533] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\*", lpFindFileData=0xe9de68 | out: lpFindFileData=0xe9de68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc883e0d, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xc883e0d, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xc8aa06f, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0057.533] GetProcessHeap () returned 0x4b0000 [0057.533] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ec0058 | out: hHeap=0x4b0000) returned 1 [0057.533] GetProcessHeap () returned 0x4b0000 [0057.533] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.533] GetProcessHeap () returned 0x4b0000 [0057.533] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.534] GetProcessHeap () returned 0x4b0000 [0057.534] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.535] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Source Engine\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0ed7602, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf0ed7602, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf0ed7602, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0057.535] GetProcessHeap () returned 0x4b0000 [0057.537] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.537] GetProcessHeap () returned 0x4b0000 [0057.537] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.537] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\TEXTCONV\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf15d84bd, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf42b29f3, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x5f76153, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0057.538] GetProcessHeap () returned 0x4b0000 [0057.538] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.538] GetProcessHeap () returned 0x4b0000 [0057.538] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.538] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x26bd6427, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27c86bce, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27c86bce, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.540] GetProcessHeap () returned 0x4b0000 [0057.540] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.540] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\AFTRNOON\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x26bfc670, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27ae323c, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27ae323c, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.541] GetProcessHeap () returned 0x4b0000 [0057.541] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.541] GetProcessHeap () returned 0x4b0000 [0057.541] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.541] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\ARCTIC\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x26bd6427, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27c86bce, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27c86bce, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.541] GetProcessHeap () returned 0x4b0000 [0057.541] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.541] GetProcessHeap () returned 0x4b0000 [0057.541] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.541] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\AXIS\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x26bd6427, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27abcfff, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27abcfff, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.541] GetProcessHeap () returned 0x4b0000 [0057.541] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.541] GetProcessHeap () returned 0x4b0000 [0057.541] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.541] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\BLENDS\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27a70c44, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27a96da3, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27a96da3, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.542] GetProcessHeap () returned 0x4b0000 [0057.542] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.542] GetProcessHeap () returned 0x4b0000 [0057.542] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.542] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\BLUECALM\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27a70c44, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27a70c44, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27a70c44, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.543] GetProcessHeap () returned 0x4b0000 [0057.543] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.543] GetProcessHeap () returned 0x4b0000 [0057.543] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.543] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\BLUEPRNT\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27abcfff, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27ae323c, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27ae323c, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.544] GetProcessHeap () returned 0x4b0000 [0057.544] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.544] GetProcessHeap () returned 0x4b0000 [0057.544] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.544] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\BOLDSTRI\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27a96da3, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27abcfff, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27abcfff, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0057.546] GetProcessHeap () returned 0x4b0000 [0057.546] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.546] GetProcessHeap () returned 0x4b0000 [0057.546] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.546] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\BREEZE\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27a96da3, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27abcfff, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27abcfff, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.546] GetProcessHeap () returned 0x4b0000 [0057.546] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.546] GetProcessHeap () returned 0x4b0000 [0057.546] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.546] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\CANYON\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27abcfff, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27abcfff, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27abcfff, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.547] GetProcessHeap () returned 0x4b0000 [0057.547] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.547] GetProcessHeap () returned 0x4b0000 [0057.547] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.547] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\CAPSULES\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27abcfff, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27abcfff, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27abcfff, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.548] GetProcessHeap () returned 0x4b0000 [0057.548] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.548] GetProcessHeap () returned 0x4b0000 [0057.548] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.548] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\CASCADE\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27ae323c, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27ae323c, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27ae323c, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0057.548] GetProcessHeap () returned 0x4b0000 [0057.549] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.549] GetProcessHeap () returned 0x4b0000 [0057.549] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.549] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\COMPASS\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27ae323c, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27ae323c, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27ae323c, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.550] GetProcessHeap () returned 0x4b0000 [0057.550] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.550] GetProcessHeap () returned 0x4b0000 [0057.550] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.550] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\CONCRETE\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27abcfff, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27b094aa, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27b094aa, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.551] GetProcessHeap () returned 0x4b0000 [0057.551] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.551] GetProcessHeap () returned 0x4b0000 [0057.551] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.551] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\DEEPBLUE\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27ae323c, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27b094aa, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27b094aa, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0057.551] GetProcessHeap () returned 0x4b0000 [0057.551] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.551] GetProcessHeap () returned 0x4b0000 [0057.552] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.552] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\ECHO\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27ae323c, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27c86bce, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27c86bce, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.552] GetProcessHeap () returned 0x4b0000 [0057.552] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.552] GetProcessHeap () returned 0x4b0000 [0057.552] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.552] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\ECLIPSE\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27b094aa, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27c86bce, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27c86bce, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0057.553] GetProcessHeap () returned 0x4b0000 [0057.553] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.553] GetProcessHeap () returned 0x4b0000 [0057.553] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.553] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\EDGE\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27b094aa, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27b094aa, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27b094aa, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.554] GetProcessHeap () returned 0x4b0000 [0057.554] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.554] GetProcessHeap () returned 0x4b0000 [0057.554] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.554] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\EVRGREEN\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27b094aa, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27b2f705, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27b2f705, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.554] GetProcessHeap () returned 0x4b0000 [0057.554] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.554] GetProcessHeap () returned 0x4b0000 [0057.554] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.554] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\EXPEDITN\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27b094aa, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27b2f705, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27b2f705, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0057.555] GetProcessHeap () returned 0x4b0000 [0057.555] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.555] GetProcessHeap () returned 0x4b0000 [0057.555] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.555] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\ICE\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27b094aa, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27ba1ded, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27ba1ded, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0057.556] GetProcessHeap () returned 0x4b0000 [0057.556] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.556] GetProcessHeap () returned 0x4b0000 [0057.556] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.556] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\INDUST\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27b5591d, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27bee2a4, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27bee2a4, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bf0 [0057.556] GetProcessHeap () returned 0x4b0000 [0057.556] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.556] GetProcessHeap () returned 0x4b0000 [0057.556] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.556] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\IRIS\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27b5591d, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27b7bb91, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27b7bb91, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.557] GetProcessHeap () returned 0x4b0000 [0057.557] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.557] GetProcessHeap () returned 0x4b0000 [0057.557] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.557] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\JOURNAL\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27b5591d, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27bc8052, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27bc8052, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0057.557] GetProcessHeap () returned 0x4b0000 [0057.557] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.558] GetProcessHeap () returned 0x4b0000 [0057.558] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.558] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\LAYERS\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27b7bb91, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27ba1ded, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27ba1ded, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.558] GetProcessHeap () returned 0x4b0000 [0057.558] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.558] GetProcessHeap () returned 0x4b0000 [0057.558] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.558] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\LEVEL\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27b7bb91, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27bc8052, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27bc8052, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.559] GetProcessHeap () returned 0x4b0000 [0057.559] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.559] GetProcessHeap () returned 0x4b0000 [0057.559] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.559] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\NETWORK\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27bc8052, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27bc8052, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27bc8052, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.559] GetProcessHeap () returned 0x4b0000 [0057.559] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.559] GetProcessHeap () returned 0x4b0000 [0057.559] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.559] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\PAPYRUS\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27bc8052, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27bc8052, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27bc8052, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0057.560] GetProcessHeap () returned 0x4b0000 [0057.560] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.560] GetProcessHeap () returned 0x4b0000 [0057.560] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.560] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\PIXEL\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27bc8052, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27bee2a4, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27bee2a4, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c70 [0057.560] GetProcessHeap () returned 0x4b0000 [0057.560] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.561] GetProcessHeap () returned 0x4b0000 [0057.561] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.561] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\PROFILE\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27bc8052, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27bc8052, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27bc8052, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.561] GetProcessHeap () returned 0x4b0000 [0057.561] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.561] GetProcessHeap () returned 0x4b0000 [0057.561] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.561] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\QUAD\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27bc8052, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27bee2a4, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27bee2a4, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.561] GetProcessHeap () returned 0x4b0000 [0057.561] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.562] GetProcessHeap () returned 0x4b0000 [0057.562] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.562] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\RADIAL\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27bee2a4, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27bee2a4, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27bee2a4, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.563] GetProcessHeap () returned 0x4b0000 [0057.563] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.563] GetProcessHeap () returned 0x4b0000 [0057.563] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.563] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\REFINED\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27bee2a4, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27bee2a4, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27bee2a4, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.563] GetProcessHeap () returned 0x4b0000 [0057.564] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.564] GetProcessHeap () returned 0x4b0000 [0057.564] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.564] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\RICEPAPR\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27bee2a4, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27c144f9, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27c144f9, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0057.564] GetProcessHeap () returned 0x4b0000 [0057.564] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.564] GetProcessHeap () returned 0x4b0000 [0057.564] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.564] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\RIPPLE\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27bee2a4, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27c144f9, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27c144f9, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0057.565] GetProcessHeap () returned 0x4b0000 [0057.565] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.565] GetProcessHeap () returned 0x4b0000 [0057.565] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.565] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\RMNSQUE\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27bee2a4, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27c144f9, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27c144f9, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.566] GetProcessHeap () returned 0x4b0000 [0057.566] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.566] GetProcessHeap () returned 0x4b0000 [0057.566] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.566] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\SATIN\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27c144f9, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x289576aa, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x289576aa, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.569] GetProcessHeap () returned 0x4b0000 [0057.569] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.569] GetProcessHeap () returned 0x4b0000 [0057.569] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.569] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\SKY\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27c144f9, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27c144f9, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27c144f9, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0057.570] GetProcessHeap () returned 0x4b0000 [0057.570] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.570] GetProcessHeap () returned 0x4b0000 [0057.570] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.570] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\SLATE\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27c144f9, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27c609b4, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27c609b4, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.571] GetProcessHeap () returned 0x4b0000 [0057.571] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.571] GetProcessHeap () returned 0x4b0000 [0057.571] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.571] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\SONORA\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27c3a755, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27c3a755, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27c3a755, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.571] GetProcessHeap () returned 0x4b0000 [0057.571] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.571] GetProcessHeap () returned 0x4b0000 [0057.571] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.572] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\SPRING\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27c144f9, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27c144f9, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27c144f9, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.572] GetProcessHeap () returned 0x4b0000 [0057.572] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.572] GetProcessHeap () returned 0x4b0000 [0057.572] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.572] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\STRTEDGE\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27c609b4, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x28551719, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x28551719, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.573] GetProcessHeap () returned 0x4b0000 [0057.573] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.573] GetProcessHeap () returned 0x4b0000 [0057.573] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.573] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\STUDIO\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27c3a755, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27c3a755, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27c3a755, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0057.574] GetProcessHeap () returned 0x4b0000 [0057.574] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.574] GetProcessHeap () returned 0x4b0000 [0057.574] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.574] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\SUMIPNTG\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27c3a755, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27cace65, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27cace65, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.574] GetProcessHeap () returned 0x4b0000 [0057.574] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.574] GetProcessHeap () returned 0x4b0000 [0057.574] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.574] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\WATER\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27c609b4, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27c86bce, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27c86bce, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0057.575] GetProcessHeap () returned 0x4b0000 [0057.575] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.575] GetProcessHeap () returned 0x4b0000 [0057.575] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.575] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\THEMES16\\WATERMAR\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27c609b4, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x27cace65, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27cace65, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.576] GetProcessHeap () returned 0x4b0000 [0057.576] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.576] GetProcessHeap () returned 0x4b0000 [0057.576] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.576] GetProcessHeap () returned 0x4b0000 [0057.576] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.577] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\TRANSLAT\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0dcc568, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x27cace65, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x27cace65, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.631] GetProcessHeap () returned 0x4b0000 [0057.631] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.632] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\TRANSLAT\\ENES\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc85db99, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xc85db99, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xc883e0d, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0057.633] GetProcessHeap () returned 0x4b0000 [0057.633] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.633] GetProcessHeap () returned 0x4b0000 [0057.633] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.633] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\TRANSLAT\\ENFR\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8aa06f, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xc8aa06f, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xc8aa06f, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b30 [0057.634] GetProcessHeap () returned 0x4b0000 [0057.634] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.634] GetProcessHeap () returned 0x4b0000 [0057.634] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.634] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\TRANSLAT\\ESEN\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1c8cf9c, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xc8aa06f, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xc8aa06f, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0057.634] GetProcessHeap () returned 0x4b0000 [0057.634] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.634] GetProcessHeap () returned 0x4b0000 [0057.634] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.634] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\TRANSLAT\\FREN\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf63a12a0, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xc8aa06f, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xc91c74d, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bf0 [0057.635] GetProcessHeap () returned 0x4b0000 [0057.635] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.635] GetProcessHeap () returned 0x4b0000 [0057.635] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.636] GetProcessHeap () returned 0x4b0000 [0057.636] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.636] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca8c279f, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xca8c279f, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xca8c279f, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.636] GetProcessHeap () returned 0x4b0000 [0057.636] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.636] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca8c279f, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf24004e4, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf24004e4, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.637] GetProcessHeap () returned 0x4b0000 [0057.637] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ec0058 [0057.637] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\1033\\*", lpFindFileData=0xe9de68 | out: lpFindFileData=0xe9de68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb4d4679, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xcb4d4679, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xecf3682d, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0057.638] GetProcessHeap () returned 0x4b0000 [0057.638] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ec0058 | out: hHeap=0x4b0000) returned 1 [0057.638] GetProcessHeap () returned 0x4b0000 [0057.638] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.638] GetProcessHeap () returned 0x4b0000 [0057.638] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.639] GetProcessHeap () returned 0x4b0000 [0057.639] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.639] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Visio Shared\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x52ea133, ftCreationTime.dwHighDateTime=0x1d47c32, ftLastAccessTime.dwLowDateTime=0x52ea133, ftLastAccessTime.dwHighDateTime=0x1d47c32, ftLastWriteTime.dwLowDateTime=0x52ea133, ftLastWriteTime.dwHighDateTime=0x1d47c32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.639] GetProcessHeap () returned 0x4b0000 [0057.640] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.640] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Visio Shared\\Fonts\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x52ea133, ftCreationTime.dwHighDateTime=0x1d47c32, ftLastAccessTime.dwLowDateTime=0x62b5b1e, ftLastAccessTime.dwHighDateTime=0x1d47c32, ftLastWriteTime.dwLowDateTime=0x62b5b1e, ftLastWriteTime.dwHighDateTime=0x1d47c32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c70 [0057.642] GetProcessHeap () returned 0x4b0000 [0057.642] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.642] GetProcessHeap () returned 0x4b0000 [0057.642] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.642] GetProcessHeap () returned 0x4b0000 [0057.642] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.643] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Web Server Extensions\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa8eba59, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfa8eba59, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfa8eba59, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.643] GetProcessHeap () returned 0x4b0000 [0057.643] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.643] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Web Server Extensions\\16\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa8eba59, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfa8eba59, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfa8eba59, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.643] GetProcessHeap () returned 0x4b0000 [0057.643] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ec0058 [0057.644] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Web Server Extensions\\16\\BIN\\*", lpFindFileData=0xe9de68 | out: lpFindFileData=0xe9de68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa8eba59, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xca27806, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xca27806, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.644] GetProcessHeap () returned 0x4b0000 [0057.644] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ed0060 [0057.644] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Web Server Extensions\\16\\BIN\\1033\\*", lpFindFileData=0xe9dbd8 | out: lpFindFileData=0xe9dbd8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca27806, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xca27806, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xca27806, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0057.645] GetProcessHeap () returned 0x4b0000 [0057.645] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ed0060 | out: hHeap=0x4b0000) returned 1 [0057.645] GetProcessHeap () returned 0x4b0000 [0057.645] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ec0058 | out: hHeap=0x4b0000) returned 1 [0057.645] GetProcessHeap () returned 0x4b0000 [0057.646] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.646] GetProcessHeap () returned 0x4b0000 [0057.646] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.647] GetProcessHeap () returned 0x4b0000 [0057.647] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.647] GetProcessHeap () returned 0x4b0000 [0057.647] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.648] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\ODBC\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2e16872b, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x2e16872b, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x2e2272ee, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.648] GetProcessHeap () returned 0x4b0000 [0057.649] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.649] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\ODBC\\Data Sources\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2e2272ee, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x2e2272ee, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x2e2272ee, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0057.649] GetProcessHeap () returned 0x4b0000 [0057.649] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.649] GetProcessHeap () returned 0x4b0000 [0057.649] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.650] GetProcessHeap () returned 0x4b0000 [0057.650] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.651] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\SYSTEM\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf23b4040, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf23b4040, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6354def, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0057.651] GetProcessHeap () returned 0x4b0000 [0057.651] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.652] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\SYSTEM\\MSMAPI\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf23b4040, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf23b4040, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf23b4040, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0057.652] GetProcessHeap () returned 0x4b0000 [0057.652] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.652] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\SYSTEM\\MSMAPI\\1033\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf23b4040, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf23b4040, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf23b4040, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0057.653] GetProcessHeap () returned 0x4b0000 [0057.653] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.653] GetProcessHeap () returned 0x4b0000 [0057.653] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.653] GetProcessHeap () returned 0x4b0000 [0057.653] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.654] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\SYSTEM\\ole db\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf6354def, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf6354def, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfb8dd674, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.654] GetProcessHeap () returned 0x4b0000 [0057.654] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.654] GetProcessHeap () returned 0x4b0000 [0057.654] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.655] GetProcessHeap () returned 0x4b0000 [0057.655] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0057.655] GetProcessHeap () returned 0x4b0000 [0057.655] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0057.655] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x845a7d02, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf21ea38b, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf21ea38b, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0057.655] GetProcessHeap () returned 0x4b0000 [0057.655] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.656] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc26f8376, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x6224b6a, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6224b6a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0057.656] GetProcessHeap () returned 0x4b0000 [0057.656] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.656] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fd9ab, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x28551719, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x28551719, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0057.659] GetProcessHeap () returned 0x4b0000 [0057.659] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.659] GetProcessHeap () returned 0x4b0000 [0057.659] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.659] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Help\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefcf5b24, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf41cdbc1, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6296213, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.661] GetProcessHeap () returned 0x4b0000 [0057.661] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.661] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Help\\1028\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf12dd5ae, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf12dd5ae, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf12dd5ae, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.662] GetProcessHeap () returned 0x4b0000 [0057.662] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.662] GetProcessHeap () returned 0x4b0000 [0057.662] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.662] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Help\\1031\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1e56af1, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf1e56af1, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf1e56af1, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0057.669] GetProcessHeap () returned 0x4b0000 [0057.669] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.669] GetProcessHeap () returned 0x4b0000 [0057.669] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.670] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Help\\1033\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0501a67, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf0501a67, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf0501a67, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0057.670] GetProcessHeap () returned 0x4b0000 [0057.670] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.670] GetProcessHeap () returned 0x4b0000 [0057.670] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.670] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Help\\1036\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1ae94c9, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf1ae94c9, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf1ae94c9, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0057.670] GetProcessHeap () returned 0x4b0000 [0057.670] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.670] GetProcessHeap () returned 0x4b0000 [0057.670] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.670] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Help\\1040\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf6296213, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf6296213, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf6296213, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c30 [0057.670] GetProcessHeap () returned 0x4b0000 [0057.670] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.670] GetProcessHeap () returned 0x4b0000 [0057.670] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.670] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Help\\1041\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf41cdbc1, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf41cdbc1, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf41cdbc1, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.671] GetProcessHeap () returned 0x4b0000 [0057.671] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.671] GetProcessHeap () returned 0x4b0000 [0057.671] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.671] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Help\\1042\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1329a43, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf1329a43, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf1329a43, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0057.672] GetProcessHeap () returned 0x4b0000 [0057.672] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.672] GetProcessHeap () returned 0x4b0000 [0057.672] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.672] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Help\\1046\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1b81e2e, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf1b81e2e, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf1b81e2e, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0057.673] GetProcessHeap () returned 0x4b0000 [0057.673] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.673] GetProcessHeap () returned 0x4b0000 [0057.673] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.673] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Help\\1049\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeff31e88, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xeff31e88, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xeff31e88, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.673] GetProcessHeap () returned 0x4b0000 [0057.673] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.673] GetProcessHeap () returned 0x4b0000 [0057.673] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.673] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Help\\2052\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefcf5b24, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xefcf5b24, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xefcf5b24, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.673] GetProcessHeap () returned 0x4b0000 [0057.673] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.674] GetProcessHeap () returned 0x4b0000 [0057.674] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.674] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Help\\3082\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefd68243, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xefd68243, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xefd68243, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c70 [0057.674] GetProcessHeap () returned 0x4b0000 [0057.674] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.674] GetProcessHeap () returned 0x4b0000 [0057.674] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.674] GetProcessHeap () returned 0x4b0000 [0057.674] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.675] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc26f8376, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x28577965, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x28577965, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.688] GetProcessHeap () returned 0x4b0000 [0057.688] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.688] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd4512fb5, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xd4512fb5, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf2ebae3b, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0057.688] GetProcessHeap () returned 0x4b0000 [0057.688] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.688] GetProcessHeap () returned 0x4b0000 [0057.688] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.688] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Cultures\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc436e5a6, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xc436e5a6, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xc436e5a6, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.689] GetProcessHeap () returned 0x4b0000 [0057.689] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.689] GetProcessHeap () returned 0x4b0000 [0057.689] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.689] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\en-us\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc2d86b0f, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xc2d86b0f, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xc2d86b0f, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.689] GetProcessHeap () returned 0x4b0000 [0057.689] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.689] GetProcessHeap () returned 0x4b0000 [0057.689] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.690] GetProcessHeap () returned 0x4b0000 [0057.690] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.690] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Portal\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefd8e49f, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xefd8e49f, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x6aef645, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cb0 [0057.690] GetProcessHeap () returned 0x4b0000 [0057.690] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.690] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Portal\\1033\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefd8e49f, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xefd8e49f, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xefd8e49f, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0057.691] GetProcessHeap () returned 0x4b0000 [0057.691] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.691] GetProcessHeap () returned 0x4b0000 [0057.691] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.691] GetProcessHeap () returned 0x4b0000 [0057.691] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.693] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6224b6a, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xc968bf4, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xc968bf4, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0057.694] GetProcessHeap () returned 0x4b0000 [0057.694] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.694] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA6\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6224b6a, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x6224b6a, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x6224b6a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0057.694] GetProcessHeap () returned 0x4b0000 [0057.694] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.694] GetProcessHeap () returned 0x4b0000 [0057.694] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.694] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc968bf4, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xc968bf4, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xc968bf4, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0057.696] GetProcessHeap () returned 0x4b0000 [0057.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ec0058 [0057.696] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\1033\\*", lpFindFileData=0xe9de68 | out: lpFindFileData=0xe9de68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc968bf4, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0xcb32840, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0xcb32840, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.699] GetProcessHeap () returned 0x4b0000 [0057.699] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ec0058 | out: hHeap=0x4b0000) returned 1 [0057.699] GetProcessHeap () returned 0x4b0000 [0057.699] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.699] GetProcessHeap () returned 0x4b0000 [0057.699] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.700] GetProcessHeap () returned 0x4b0000 [0057.700] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.700] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Web Server Extensions\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1c1a793, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf1c1a793, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf1c1a793, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05930 [0057.700] GetProcessHeap () returned 0x4b0000 [0057.701] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.701] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Web Server Extensions\\16\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1c1a793, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf1c1a793, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf1c1a793, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.701] GetProcessHeap () returned 0x4b0000 [0057.701] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ec0058 [0057.701] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\Web Server Extensions\\16\\BIN\\*", lpFindFileData=0xe9de68 | out: lpFindFileData=0xe9de68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1c1a793, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfbd7bf89, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfbd7bf89, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c70 [0057.702] GetProcessHeap () returned 0x4b0000 [0057.702] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ec0058 | out: hHeap=0x4b0000) returned 1 [0057.702] GetProcessHeap () returned 0x4b0000 [0057.702] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.702] GetProcessHeap () returned 0x4b0000 [0057.702] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.703] GetProcessHeap () returned 0x4b0000 [0057.703] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.703] GetProcessHeap () returned 0x4b0000 [0057.703] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.703] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\System\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf21ea38b, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf21ea38b, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf21ea38b, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0057.703] GetProcessHeap () returned 0x4b0000 [0057.703] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.704] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\System\\ole db\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf21ea38b, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf21ea38b, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf7b78b8d, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05c70 [0057.704] GetProcessHeap () returned 0x4b0000 [0057.704] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.704] GetProcessHeap () returned 0x4b0000 [0057.704] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.705] GetProcessHeap () returned 0x4b0000 [0057.705] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0057.705] GetProcessHeap () returned 0x4b0000 [0057.705] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0057.705] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x845a7d02, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x2e11c27d, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x2e11c27d, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05af0 [0057.705] GetProcessHeap () returned 0x4b0000 [0057.705] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.706] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Analysis Services\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeb142e44, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xeb142e44, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xeb142e44, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.712] GetProcessHeap () returned 0x4b0000 [0057.712] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.713] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Analysis Services\\AS OLEDB\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeb142e44, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xeb142e44, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xeb142e44, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cf0 [0057.713] GetProcessHeap () returned 0x4b0000 [0057.713] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.713] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Analysis Services\\AS OLEDB\\110\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeb142e44, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x2ae4bf10, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x2ae4bf10, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0057.714] GetProcessHeap () returned 0x4b0000 [0057.714] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ec0058 [0057.714] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Analysis Services\\AS OLEDB\\110\\Cartridges\\*", lpFindFileData=0xe9de68 | out: lpFindFileData=0xe9de68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a6fec90, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x2aebe60a, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x2aebe60a, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0057.716] GetProcessHeap () returned 0x4b0000 [0057.717] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ec0058 | out: hHeap=0x4b0000) returned 1 [0057.717] GetProcessHeap () returned 0x4b0000 [0057.717] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ec0058 [0057.717] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Analysis Services\\AS OLEDB\\110\\Resources\\*", lpFindFileData=0xe9de68 | out: lpFindFileData=0xe9de68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeb142e44, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xeb142e44, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xeb142e44, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a70 [0057.717] GetProcessHeap () returned 0x4b0000 [0057.717] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ed0060 [0057.717] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Analysis Services\\AS OLEDB\\110\\Resources\\1033\\*", lpFindFileData=0xe9dbd8 | out: lpFindFileData=0xe9dbd8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeb142e44, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xee308135, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xee45f66d, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.717] GetProcessHeap () returned 0x4b0000 [0057.717] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ed0060 | out: hHeap=0x4b0000) returned 1 [0057.717] GetProcessHeap () returned 0x4b0000 [0057.717] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ec0058 | out: hHeap=0x4b0000) returned 1 [0057.717] GetProcessHeap () returned 0x4b0000 [0057.717] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.718] GetProcessHeap () returned 0x4b0000 [0057.718] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.719] GetProcessHeap () returned 0x4b0000 [0057.719] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.719] GetProcessHeap () returned 0x4b0000 [0057.719] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.720] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2e11c27d, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x2e11c27d, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x2e11c27d, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0057.720] GetProcessHeap () returned 0x4b0000 [0057.720] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.720] GetProcessHeap () returned 0x4b0000 [0057.720] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.720] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft SQL Server\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfc53b9f9, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfc53b9f9, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfc53b9f9, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ab0 [0057.721] GetProcessHeap () returned 0x4b0000 [0057.721] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.721] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft SQL Server\\110\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfc53b9f9, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfc53b9f9, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfc53b9f9, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.721] GetProcessHeap () returned 0x4b0000 [0057.721] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.722] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft SQL Server\\110\\Shared\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfc53b9f9, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfc53b9f9, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfc53b9f9, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f30 [0057.722] GetProcessHeap () returned 0x4b0000 [0057.722] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.722] GetProcessHeap () returned 0x4b0000 [0057.722] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.722] GetProcessHeap () returned 0x4b0000 [0057.722] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.722] GetProcessHeap () returned 0x4b0000 [0057.722] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.722] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft.NET\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1a046b0, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf1a046b0, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf1a046b0, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0057.754] GetProcessHeap () returned 0x4b0000 [0057.754] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.755] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft.NET\\ADOMD.NET\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1a046b0, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf1a046b0, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf1a046b0, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0057.755] GetProcessHeap () returned 0x4b0000 [0057.755] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.755] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft.NET\\ADOMD.NET\\110\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1a046b0, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf1a046b0, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf1a046b0, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05cb0 [0057.756] GetProcessHeap () returned 0x4b0000 [0057.756] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.756] GetProcessHeap () returned 0x4b0000 [0057.756] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.756] GetProcessHeap () returned 0x4b0000 [0057.756] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.756] GetProcessHeap () returned 0x4b0000 [0057.756] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ba1070 | out: hHeap=0x4b0000) returned 1 [0057.757] GetProcessHeap () returned 0x4b0000 [0057.757] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ba1070 [0057.757] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX86\\*", lpFindFileData=0xe9e8a8 | out: lpFindFileData=0xe9e8a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x845a7d02, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x17c93f4, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x17c93f4, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bb0 [0057.758] GetProcessHeap () returned 0x4b0000 [0057.758] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.758] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX86\\Microsoft Analysis Services\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf17ee5c3, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf17ee5c3, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf17ee5c3, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c058f0 [0057.758] GetProcessHeap () returned 0x4b0000 [0057.758] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.759] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX86\\Microsoft Analysis Services\\AS OLEDB\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf17ee5c3, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf17ee5c3, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf17ee5c3, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b30 [0057.759] GetProcessHeap () returned 0x4b0000 [0057.759] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.759] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX86\\Microsoft Analysis Services\\AS OLEDB\\110\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf17ee5c3, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x2b0d4700, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x2b0d4700, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05d30 [0057.760] GetProcessHeap () returned 0x4b0000 [0057.760] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ec0058 [0057.760] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX86\\Microsoft Analysis Services\\AS OLEDB\\110\\Cartridges\\*", lpFindFileData=0xe9de68 | out: lpFindFileData=0xe9de68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2afef8f7, ftCreationTime.dwHighDateTime=0x1d327e8, ftLastAccessTime.dwLowDateTime=0x2b0ae4ba, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x2b0ae4ba, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ef0 [0057.762] GetProcessHeap () returned 0x4b0000 [0057.763] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ec0058 | out: hHeap=0x4b0000) returned 1 [0057.763] GetProcessHeap () returned 0x4b0000 [0057.763] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ec0058 [0057.763] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX86\\Microsoft Analysis Services\\AS OLEDB\\110\\Resources\\*", lpFindFileData=0xe9de68 | out: lpFindFileData=0xe9de68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf17ee5c3, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf17ee5c3, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf17ee5c3, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05bf0 [0057.763] GetProcessHeap () returned 0x4b0000 [0057.763] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ed0060 [0057.763] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX86\\Microsoft Analysis Services\\AS OLEDB\\110\\Resources\\1033\\*", lpFindFileData=0xe9dbd8 | out: lpFindFileData=0xe9dbd8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf17ee5c3, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf3143659, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf61fd8b4, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0057.764] GetProcessHeap () returned 0x4b0000 [0057.764] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ed0060 | out: hHeap=0x4b0000) returned 1 [0057.764] GetProcessHeap () returned 0x4b0000 [0057.764] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ec0058 | out: hHeap=0x4b0000) returned 1 [0057.764] GetProcessHeap () returned 0x4b0000 [0057.764] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.765] GetProcessHeap () returned 0x4b0000 [0057.765] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0057.765] GetProcessHeap () returned 0x4b0000 [0057.765] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4bc2088 | out: hHeap=0x4b0000) returned 1 [0057.766] GetProcessHeap () returned 0x4b0000 [0057.766] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4bc2088 [0057.766] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX86\\Microsoft Office\\*", lpFindFileData=0xe9e618 | out: lpFindFileData=0xe9e618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2f517e4, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xd2f517e4, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd2f517e4, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05f70 [0057.766] GetProcessHeap () returned 0x4b0000 [0057.766] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c2b908 [0057.767] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX86\\Microsoft Office\\Office16\\*", lpFindFileData=0xe9e388 | out: lpFindFileData=0xe9e388*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2f517e4, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x86a6c5d, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x86a6c5d, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05b70 [0057.768] GetProcessHeap () returned 0x4b0000 [0057.768] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.768] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX86\\Microsoft Office\\Office16\\1033\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd43957d3, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xca99edb, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x2e1424f7, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05ff0 [0057.770] GetProcessHeap () returned 0x4b0000 [0057.770] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c3b910 | out: hHeap=0x4b0000) returned 1 [0057.770] GetProcessHeap () returned 0x4b0000 [0057.770] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4c3b910 [0057.770] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX86\\Microsoft Office\\Office16\\DCF\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe3201264, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x2c4a611d, ftLastAccessTime.dwHighDateTime=0x1d327e8, ftLastWriteTime.dwLowDateTime=0x2c4a611d, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05db0 [0057.771] GetProcessHeap () returned 0x4b0000 [0057.771] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4ec0058 [0057.772] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesX86\\Microsoft Office\\Office16\\DCF\\1033\\*", lpFindFileData=0xe9de68 | out: lpFindFileData=0xe9de68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf428c77b, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf428c77b, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf428c77b, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c05a30 [0057.772] GetProcessHeap () returned 0x4b0000 [0057.772] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ec0058 | out: hHeap=0x4b0000) returned 1 [0065.299] GetProcessHeap () returned 0x4b0000 [0065.299] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c2b908 | out: hHeap=0x4b0000) returned 1 [0065.299] GetProcessHeap () returned 0x4b0000 [0065.299] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4f610a8 | out: hHeap=0x4b0000) returned 1 [0065.300] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4f610a8 [0065.300] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\*", lpFindFileData=0xe9e0f8 | out: lpFindFileData=0xe9e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2412562, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x3bf615b5, ftLastAccessTime.dwHighDateTime=0x1d336d8, ftLastWriteTime.dwLowDateTime=0x3bf615b5, ftLastWriteTime.dwHighDateTime=0x1d336d8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4c06030 Thread: id = 16 os_tid = 0x7fc [0053.242] GetProcessHeap () returned 0x4b0000 [0053.242] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x53ec38 [0053.242] GetProcessHeap () returned 0x4b0000 [0053.242] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x576ee8 [0053.243] GetProcessHeap () returned 0x4b0000 [0053.243] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x28) returned 0x571170 [0053.243] GetProcessHeap () returned 0x4b0000 [0053.243] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x110102) returned 0x492c020 [0053.245] GetProcessHeap () returned 0x4b0000 [0053.245] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x50) returned 0x4d0dc0 [0053.245] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75e90000 [0053.246] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0053.246] Wow64DisableWow64FsRedirection (in: OldValue=0xf2fe48 | out: OldValue=0xf2fe48*=0x0) returned 1 [0053.246] GetProcessHeap () returned 0x4b0000 [0053.246] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d0dc0 | out: hHeap=0x4b0000) returned 1 [0053.246] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.246] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.246] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.246] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.246] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.246] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.246] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.246] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.246] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.246] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.247] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.247] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.247] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.247] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.247] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.247] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.247] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.247] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.247] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.247] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.247] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.247] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.247] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.248] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.248] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.248] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.248] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.248] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.248] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.248] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.248] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.248] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.248] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.248] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.248] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.248] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.249] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.249] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.249] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.249] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.249] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.249] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.249] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.249] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.249] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.249] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.249] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.249] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.250] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.250] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.250] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.250] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.250] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.250] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.250] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.250] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.250] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.250] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.250] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.250] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.250] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.251] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.251] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.251] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.251] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.251] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.251] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.251] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.251] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.251] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.251] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.251] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.251] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.251] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.252] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.252] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.252] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.252] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.252] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.252] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.252] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.253] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.253] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.253] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.253] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.253] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.253] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.253] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.253] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.253] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.253] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.253] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.254] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.254] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.254] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.254] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.254] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.254] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.254] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.254] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.254] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.254] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.254] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.254] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.255] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.255] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.255] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.255] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.255] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.255] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.255] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.255] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.255] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.255] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.255] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.255] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.255] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.256] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.256] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.256] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.256] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.256] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.256] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.256] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.256] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.256] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.256] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.256] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.256] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.256] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.257] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.257] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.257] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.257] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.257] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.257] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.257] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.257] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.257] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.257] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.257] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.257] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.258] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.258] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.258] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.258] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.258] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.258] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.258] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.258] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.258] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.258] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.258] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.258] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.258] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.259] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.259] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.259] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.259] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.259] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.259] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.259] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.259] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.259] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.259] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.259] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.259] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.259] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.260] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.260] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.260] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.260] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.260] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.260] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.260] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.260] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.260] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.260] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.260] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.260] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.260] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.261] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.261] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.261] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.261] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.261] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.261] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.261] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.261] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.261] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.261] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.261] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.261] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.262] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.262] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.262] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.262] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.262] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.262] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.262] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.262] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.262] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.262] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.262] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.262] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.262] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.263] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.263] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.263] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.263] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.263] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.263] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.263] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.263] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.263] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.263] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.263] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.263] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.264] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.264] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.264] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.264] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.264] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.264] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.264] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.264] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.264] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.264] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.264] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.264] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.264] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.265] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.265] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.265] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.265] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.265] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.265] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.265] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.265] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.265] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.265] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.265] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.265] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.265] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.266] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.266] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.266] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.266] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.266] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0056.209] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0056.209] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0056.209] CreateFileW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\1033\\DBSAMPLE.MDB.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\program files\\microsoft office\\root\\office16\\1033\\dbsample.mdb.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x220, hTemplateFile=0x0) returned 0x354 [0056.210] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x7c000, lpOverlapped=0x0) returned 1 [0056.242] WriteFile (in: hFile=0x354, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x7c010, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x7c010, lpOverlapped=0x0) returned 1 [0056.251] WriteFile (in: hFile=0x354, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0xf2, lpOverlapped=0x0) returned 1 [0056.251] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0056.252] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0056.252] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x7c000, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x7c000, lpOverlapped=0x0) returned 1 [0056.348] FlushFileBuffers (hFile=0x350) returned 1 [0064.167] FlushFileBuffers (hFile=0x354) returned 1 [0064.347] CloseHandle (hObject=0x350) returned 1 [0064.348] CloseHandle (hObject=0x354) returned 1 [0064.358] DeleteFileW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\1033\\DBSAMPLE.MDB" (normalized: "c:\\program files\\microsoft office\\root\\office16\\1033\\dbsample.mdb")) returned 1 [0064.363] CreateFileW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\ACWZMAIN.ACCDE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\accwiz\\acwzmain.accde"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354 [0064.368] GetFileSizeEx (in: hFile=0x354, lpFileSize=0xf2fdf0 | out: lpFileSize=0xf2fdf0*=9277440) returned 1 [0064.368] CloseHandle (hObject=0x354) returned 1 [0064.368] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\ACWZMAIN.ACCDE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\accwiz\\acwzmain.accde")) returned 0x220 [0064.368] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\ACWZMAIN.ACCDE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\accwiz\\acwzmain.accde")) returned 0x220 [0064.368] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\ACWZMAIN.ACCDE.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\program files\\microsoft office\\root\\office16\\accwiz\\acwzmain.accde.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0064.368] CreateFileW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\ACWZMAIN.ACCDE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\accwiz\\acwzmain.accde"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354 [0064.368] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0064.368] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0064.368] CreateFileW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\ACWZMAIN.ACCDE.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\program files\\microsoft office\\root\\office16\\accwiz\\acwzmain.accde.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x220, hTemplateFile=0x0) returned 0x350 [0064.368] ReadFile (in: hFile=0x354, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0064.677] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0064.698] ReadFile (in: hFile=0x354, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0064.958] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0065.149] ReadFile (in: hFile=0x354, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0065.187] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0065.384] ReadFile (in: hFile=0x354, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0065.629] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0065.882] ReadFile (in: hFile=0x354, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0065.905] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0066.072] ReadFile (in: hFile=0x354, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0066.094] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0066.248] ReadFile (in: hFile=0x354, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0066.270] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0066.893] ReadFile (in: hFile=0x354, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0066.915] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0067.103] ReadFile (in: hFile=0x354, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x58800, lpOverlapped=0x0) returned 1 [0067.108] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x58810, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x58810, lpOverlapped=0x0) returned 1 [0067.115] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0xf2, lpOverlapped=0x0) returned 1 [0067.115] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0067.115] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0067.115] WriteFile (in: hFile=0x354, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0067.130] WriteFile (in: hFile=0x354, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0067.246] WriteFile (in: hFile=0x354, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0067.261] WriteFile (in: hFile=0x354, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0067.368] WriteFile (in: hFile=0x354, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0067.388] WriteFile (in: hFile=0x354, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0067.401] WriteFile (in: hFile=0x354, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0067.459] WriteFile (in: hFile=0x354, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0067.473] WriteFile (in: hFile=0x354, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x587f0, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x587f0, lpOverlapped=0x0) returned 1 [0067.475] FlushFileBuffers (hFile=0x354) returned 1 [0068.175] FlushFileBuffers (hFile=0x350) returned 1 [0068.557] CloseHandle (hObject=0x354) returned 1 [0070.018] CloseHandle (hObject=0x350) returned 1 [0070.873] DeleteFileW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\ACWZMAIN.ACCDE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\accwiz\\acwzmain.accde")) returned 1 [0070.883] CreateFileW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\Configuration\\configuration.sqlite" (normalized: "c:\\program files\\windowsapps\\microsoft.bingfinance_4.6.169.0_x86__8wekyb3d8bbwe\\configuration\\configuration.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350 [0070.885] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xf2fdf0 | out: lpFileSize=0xf2fdf0*=88064) returned 1 [0070.885] CloseHandle (hObject=0x350) returned 1 [0070.885] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\Configuration\\configuration.sqlite" (normalized: "c:\\program files\\windowsapps\\microsoft.bingfinance_4.6.169.0_x86__8wekyb3d8bbwe\\configuration\\configuration.sqlite")) returned 0x20 [0070.885] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\Configuration\\configuration.sqlite" (normalized: "c:\\program files\\windowsapps\\microsoft.bingfinance_4.6.169.0_x86__8wekyb3d8bbwe\\configuration\\configuration.sqlite")) returned 0x20 [0070.885] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\Configuration\\configuration.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\program files\\windowsapps\\microsoft.bingfinance_4.6.169.0_x86__8wekyb3d8bbwe\\configuration\\configuration.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0070.885] CreateFileW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\Configuration\\configuration.sqlite" (normalized: "c:\\program files\\windowsapps\\microsoft.bingfinance_4.6.169.0_x86__8wekyb3d8bbwe\\configuration\\configuration.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0070.885] CreateFileW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe\\Configuration\\configuration.sqlite" (normalized: "c:\\program files\\windowsapps\\microsoft.bingnews_4.6.169.0_x86__8wekyb3d8bbwe\\configuration\\configuration.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350 [0070.886] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xf2fdf0 | out: lpFileSize=0xf2fdf0*=110592) returned 1 [0070.886] CloseHandle (hObject=0x350) returned 1 [0070.886] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe\\Configuration\\configuration.sqlite" (normalized: "c:\\program files\\windowsapps\\microsoft.bingnews_4.6.169.0_x86__8wekyb3d8bbwe\\configuration\\configuration.sqlite")) returned 0x20 [0070.886] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe\\Configuration\\configuration.sqlite" (normalized: "c:\\program files\\windowsapps\\microsoft.bingnews_4.6.169.0_x86__8wekyb3d8bbwe\\configuration\\configuration.sqlite")) returned 0x20 [0070.886] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe\\Configuration\\configuration.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\program files\\windowsapps\\microsoft.bingnews_4.6.169.0_x86__8wekyb3d8bbwe\\configuration\\configuration.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0070.887] CreateFileW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe\\Configuration\\configuration.sqlite" (normalized: "c:\\program files\\windowsapps\\microsoft.bingnews_4.6.169.0_x86__8wekyb3d8bbwe\\configuration\\configuration.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0070.887] CreateFileW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe\\Configuration\\configuration.sqlite" (normalized: "c:\\program files\\windowsapps\\microsoft.bingsports_4.6.169.0_x86__8wekyb3d8bbwe\\configuration\\configuration.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350 [0070.887] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xf2fdf0 | out: lpFileSize=0xf2fdf0*=146432) returned 1 [0070.887] CloseHandle (hObject=0x350) returned 1 [0070.887] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe\\Configuration\\configuration.sqlite" (normalized: "c:\\program files\\windowsapps\\microsoft.bingsports_4.6.169.0_x86__8wekyb3d8bbwe\\configuration\\configuration.sqlite")) returned 0x20 [0070.887] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe\\Configuration\\configuration.sqlite" (normalized: "c:\\program files\\windowsapps\\microsoft.bingsports_4.6.169.0_x86__8wekyb3d8bbwe\\configuration\\configuration.sqlite")) returned 0x20 [0070.887] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe\\Configuration\\configuration.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\program files\\windowsapps\\microsoft.bingsports_4.6.169.0_x86__8wekyb3d8bbwe\\configuration\\configuration.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0070.887] CreateFileW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe\\Configuration\\configuration.sqlite" (normalized: "c:\\program files\\windowsapps\\microsoft.bingsports_4.6.169.0_x86__8wekyb3d8bbwe\\configuration\\configuration.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0070.888] CreateFileW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\\Configuration\\configuration.sqlite" (normalized: "c:\\program files\\windowsapps\\microsoft.bingweather_4.18.56.0_x64__8wekyb3d8bbwe\\configuration\\configuration.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350 [0070.899] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xf2fdf0 | out: lpFileSize=0xf2fdf0*=147456) returned 1 [0070.899] CloseHandle (hObject=0x350) returned 1 [0070.899] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\\Configuration\\configuration.sqlite" (normalized: "c:\\program files\\windowsapps\\microsoft.bingweather_4.18.56.0_x64__8wekyb3d8bbwe\\configuration\\configuration.sqlite")) returned 0x20 [0070.899] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\\Configuration\\configuration.sqlite" (normalized: "c:\\program files\\windowsapps\\microsoft.bingweather_4.18.56.0_x64__8wekyb3d8bbwe\\configuration\\configuration.sqlite")) returned 0x20 [0070.899] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\\Configuration\\configuration.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\program files\\windowsapps\\microsoft.bingweather_4.18.56.0_x64__8wekyb3d8bbwe\\configuration\\configuration.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0070.900] CreateFileW (lpFileName="\\\\?\\C:\\Program Files\\WindowsApps\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\\Configuration\\configuration.sqlite" (normalized: "c:\\program files\\windowsapps\\microsoft.bingweather_4.18.56.0_x64__8wekyb3d8bbwe\\configuration\\configuration.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0070.900] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr.db" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0070.900] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\windows.edb"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350 [0070.900] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xf2fdf0 | out: lpFileSize=0xf2fdf0*=25100288) returned 1 [0070.900] CloseHandle (hObject=0x350) returned 1 [0070.900] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\windows.edb")) returned 0x2220 [0070.901] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\windows.edb")) returned 0x2220 [0070.901] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\windows.edb.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0070.901] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\windows.edb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350 [0070.901] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0070.901] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0070.901] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\windows.edb.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2220, hTemplateFile=0x0) returned 0x288 [0070.903] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0071.116] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0071.448] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0071.481] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0071.730] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0072.108] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0072.274] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0072.538] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0072.702] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0072.918] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0072.943] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0073.190] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0073.212] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0073.356] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0074.427] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0074.470] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0075.228] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0075.390] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0075.413] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0075.709] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0075.955] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0076.058] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0076.243] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0076.280] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0076.855] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0076.877] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0077.494] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0077.532] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0077.738] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0078.151] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0078.173] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0078.515] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0078.539] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0078.841] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0078.861] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0079.160] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0079.352] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0079.375] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0079.568] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0079.589] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0079.887] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0080.267] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0080.287] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0080.544] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0080.566] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x8ea00, lpOverlapped=0x0) returned 1 [0080.573] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x8ea10, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x8ea10, lpOverlapped=0x0) returned 1 [0080.803] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0xf2, lpOverlapped=0x0) returned 1 [0080.803] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0080.803] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0080.803] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0080.818] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0080.833] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0080.987] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0081.003] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0081.017] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0081.272] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0081.286] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0081.302] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0081.504] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0081.520] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0081.534] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0081.903] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0081.917] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0081.939] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0082.344] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0082.367] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0082.381] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0082.519] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0082.533] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0082.547] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0082.671] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0082.684] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x8e9d4, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x8e9d4, lpOverlapped=0x0) returned 1 [0082.685] FlushFileBuffers (hFile=0x350) returned 1 [0083.479] FlushFileBuffers (hFile=0x288) returned 1 [0083.887] CloseHandle (hObject=0x350) returned 1 [0083.896] CloseHandle (hObject=0x288) returned 1 [0083.896] DeleteFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\windows\\windows.edb")) returned 1 [0083.910] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\localstate\\mediadb.v1.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x288 [0083.913] GetFileSizeEx (in: hFile=0x288, lpFileSize=0xf2fdf0 | out: lpFileSize=0xf2fdf0*=4096) returned 1 [0083.913] CloseHandle (hObject=0x288) returned 1 [0083.913] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\localstate\\mediadb.v1.sqlite")) returned 0x20 [0083.913] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\localstate\\mediadb.v1.sqlite")) returned 0x20 [0083.913] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\localstate\\mediadb.v1.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0083.913] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\localstate\\mediadb.v1.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x288 [0083.913] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0083.913] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0083.913] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\localstate\\mediadb.v1.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x350 [0083.914] ReadFile (in: hFile=0x288, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x1000, lpOverlapped=0x0) returned 1 [0083.916] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x1010, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x1010, lpOverlapped=0x0) returned 1 [0083.917] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x102, lpOverlapped=0x0) returned 1 [0083.917] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0083.917] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0083.917] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x1000, lpOverlapped=0x0) returned 1 [0083.917] FlushFileBuffers (hFile=0x288) returned 1 [0083.974] FlushFileBuffers (hFile=0x350) returned 1 [0083.975] CloseHandle (hObject=0x288) returned 1 [0083.975] CloseHandle (hObject=0x350) returned 1 [0083.975] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\localstate\\mediadb.v1.sqlite")) returned 1 [0083.977] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\cert8.db" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\cert8.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350 [0083.979] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xf2fdf0 | out: lpFileSize=0xf2fdf0*=65536) returned 1 [0083.979] CloseHandle (hObject=0x350) returned 1 [0083.979] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\cert8.db" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\cert8.db")) returned 0x20 [0083.979] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\cert8.db" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\cert8.db")) returned 0x20 [0083.979] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\cert8.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\cert8.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0083.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\cert8.db" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\cert8.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350 [0083.979] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0083.979] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0083.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\cert8.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\cert8.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x288 [0083.980] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x10000, lpOverlapped=0x0) returned 1 [0083.983] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x10010, lpOverlapped=0x0) returned 1 [0083.985] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0xf2, lpOverlapped=0x0) returned 1 [0083.986] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0083.986] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0083.986] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x10000, lpOverlapped=0x0) returned 1 [0083.986] FlushFileBuffers (hFile=0x350) returned 1 [0084.003] FlushFileBuffers (hFile=0x288) returned 1 [0084.030] CloseHandle (hObject=0x350) returned 1 [0084.030] CloseHandle (hObject=0x288) returned 1 [0084.030] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\cert8.db" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\cert8.db")) returned 1 [0084.032] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\cookies.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\cookies.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x288 [0084.032] GetFileSizeEx (in: hFile=0x288, lpFileSize=0xf2fdf0 | out: lpFileSize=0xf2fdf0*=524288) returned 1 [0084.032] CloseHandle (hObject=0x288) returned 1 [0084.032] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\cookies.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\cookies.sqlite")) returned 0x20 [0084.032] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\cookies.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\cookies.sqlite")) returned 0x20 [0084.032] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\cookies.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\cookies.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.032] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\cookies.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\cookies.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x288 [0084.033] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0084.033] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0084.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\cookies.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\cookies.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x350 [0084.033] ReadFile (in: hFile=0x288, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x80000, lpOverlapped=0x0) returned 1 [0084.047] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x80010, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x80010, lpOverlapped=0x0) returned 1 [0084.056] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0xf2, lpOverlapped=0x0) returned 1 [0084.056] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0084.056] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0084.057] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x80000, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x80000, lpOverlapped=0x0) returned 1 [0084.058] FlushFileBuffers (hFile=0x288) returned 1 [0084.717] FlushFileBuffers (hFile=0x350) returned 1 [0084.720] CloseHandle (hObject=0x288) returned 1 [0084.720] CloseHandle (hObject=0x350) returned 1 [0084.720] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\cookies.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\cookies.sqlite")) returned 1 [0084.725] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\key3.db" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\key3.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350 [0084.726] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xf2fdf0 | out: lpFileSize=0xf2fdf0*=16384) returned 1 [0084.726] CloseHandle (hObject=0x350) returned 1 [0084.726] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\key3.db" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\key3.db")) returned 0x20 [0084.726] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\key3.db" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\key3.db")) returned 0x20 [0084.726] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\key3.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\key3.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\key3.db" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\key3.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350 [0084.726] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0084.726] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0084.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\key3.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\key3.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x288 [0084.726] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x4000, lpOverlapped=0x0) returned 1 [0084.728] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x4010, lpOverlapped=0x0) returned 1 [0084.729] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0xe2, lpOverlapped=0x0) returned 1 [0084.729] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0084.729] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0084.729] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x4000, lpOverlapped=0x0) returned 1 [0084.730] FlushFileBuffers (hFile=0x350) returned 1 [0084.739] FlushFileBuffers (hFile=0x288) returned 1 [0084.745] CloseHandle (hObject=0x350) returned 1 [0084.745] CloseHandle (hObject=0x288) returned 1 [0084.745] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\key3.db" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\key3.db")) returned 1 [0084.746] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\permissions.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\permissions.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x288 [0084.750] GetFileSizeEx (in: hFile=0x288, lpFileSize=0xf2fdf0 | out: lpFileSize=0xf2fdf0*=98304) returned 1 [0084.750] CloseHandle (hObject=0x288) returned 1 [0084.754] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\permissions.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\permissions.sqlite")) returned 0x20 [0084.754] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\permissions.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\permissions.sqlite")) returned 0x20 [0084.754] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\permissions.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\permissions.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\permissions.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\permissions.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x288 [0084.754] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0084.754] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0084.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\permissions.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\permissions.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x350 [0084.755] ReadFile (in: hFile=0x288, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x18000, lpOverlapped=0x0) returned 1 [0084.758] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x18010, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x18010, lpOverlapped=0x0) returned 1 [0084.760] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x102, lpOverlapped=0x0) returned 1 [0084.760] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0084.760] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0084.760] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x18000, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x18000, lpOverlapped=0x0) returned 1 [0084.760] FlushFileBuffers (hFile=0x288) returned 1 [0085.042] FlushFileBuffers (hFile=0x350) returned 1 [0085.052] CloseHandle (hObject=0x288) returned 1 [0085.053] CloseHandle (hObject=0x350) returned 1 [0085.053] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\permissions.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\permissions.sqlite")) returned 1 [0085.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\places.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\places.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350 [0085.055] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xf2fdf0 | out: lpFileSize=0xf2fdf0*=5242880) returned 1 [0085.055] CloseHandle (hObject=0x350) returned 1 [0085.055] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\places.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\places.sqlite")) returned 0x20 [0085.055] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\places.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\places.sqlite")) returned 0x20 [0085.055] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\places.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\places.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\places.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\places.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350 [0085.055] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0085.055] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fdb8 | out: lpNewFilePointer=0x0) returned 1 [0085.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\places.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\places.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x288 [0085.056] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0085.402] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0085.422] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0085.745] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0085.765] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0086.045] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0086.351] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0x110100, lpOverlapped=0x0) returned 1 [0086.374] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0x110100, lpOverlapped=0x0) returned 1 [0086.624] ReadFile (in: hFile=0x350, lpBuffer=0x492c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xf2fdcc, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesRead=0xf2fdcc*=0xbfc00, lpOverlapped=0x0) returned 1 [0086.721] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0xbfc10, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0xbfc10, lpOverlapped=0x0) returned 1 [0086.735] WriteFile (in: hFile=0x288, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xf2fda4, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fda4*=0xf2, lpOverlapped=0x0) returned 1 [0086.735] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0086.735] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xf2fb18 | out: lpNewFilePointer=0x0) returned 1 [0086.736] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0086.752] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0086.972] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0086.985] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0x110102, lpOverlapped=0x0) returned 1 [0086.998] WriteFile (in: hFile=0x350, lpBuffer=0x492c020*, nNumberOfBytesToWrite=0xbfbf8, lpNumberOfBytesWritten=0xf2fb24, lpOverlapped=0x0 | out: lpBuffer=0x492c020*, lpNumberOfBytesWritten=0xf2fb24*=0xbfbf8, lpOverlapped=0x0) returned 1 [0087.000] FlushFileBuffers (hFile=0x350) Thread: id = 17 os_tid = 0xe90 [0053.288] GetProcessHeap () returned 0x4b0000 [0053.288] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x586ef0 [0053.288] GetProcessHeap () returned 0x4b0000 [0053.288] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x596ef8 [0053.289] GetProcessHeap () returned 0x4b0000 [0053.289] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x28) returned 0x570e10 [0053.289] GetProcessHeap () returned 0x4b0000 [0053.289] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x110102) returned 0x4a4c020 [0053.291] GetProcessHeap () returned 0x4b0000 [0053.291] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x50) returned 0x4d0c08 [0053.292] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75e90000 [0053.292] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0053.292] Wow64DisableWow64FsRedirection (in: OldValue=0xfaf8a8 | out: OldValue=0xfaf8a8*=0x0) returned 1 [0053.292] GetProcessHeap () returned 0x4b0000 [0053.292] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d0c08 | out: hHeap=0x4b0000) returned 1 [0053.292] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.292] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.292] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.292] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.292] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.292] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.292] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.292] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.292] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.293] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.293] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.293] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.293] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.293] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.293] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.293] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.293] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.293] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.293] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.293] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.293] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.294] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.294] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.294] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.294] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.294] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.294] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.294] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.294] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.294] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.294] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.294] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.294] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.294] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.295] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.295] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.295] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.295] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.295] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.295] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.295] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.295] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.295] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.295] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.295] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.295] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.296] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.296] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.296] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.296] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.296] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.296] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.296] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.296] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.296] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.296] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.296] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.296] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.296] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.297] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.297] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.297] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.297] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.297] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.297] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.297] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.297] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.297] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.297] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.297] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.297] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.298] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.298] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.298] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.298] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.298] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.298] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.298] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.298] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.298] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.298] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.298] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.298] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.298] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.299] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.299] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.299] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.299] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.299] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.299] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.299] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.299] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.299] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.299] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.299] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.300] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.300] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.300] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.300] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.300] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.300] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.300] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.300] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.300] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.300] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.300] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.300] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.300] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.301] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.301] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.301] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.301] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.301] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.301] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.301] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.301] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.301] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.301] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.301] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.301] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.301] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.302] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.302] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.302] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.302] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.302] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.302] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.302] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.302] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.302] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.302] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.302] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.302] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.303] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.303] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.303] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.303] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.303] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.303] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.303] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.303] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.303] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.303] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.303] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.303] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.303] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.304] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.304] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.304] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.304] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.304] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.304] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.304] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.304] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.304] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.304] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.304] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.304] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.305] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.305] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.305] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.305] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.305] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.305] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.305] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.305] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.305] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.305] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.305] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.305] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.305] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.306] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.306] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.306] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.306] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.306] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.306] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.306] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.306] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.306] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.306] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.306] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.306] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.307] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.307] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.307] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.307] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.307] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.307] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.307] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.307] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.307] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.307] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.307] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.307] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.307] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.308] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.308] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.308] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.308] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.308] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.308] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.308] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.308] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.308] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.308] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.308] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.308] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.309] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.309] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.309] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.309] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.309] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.309] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.309] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.309] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.309] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.309] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.309] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.309] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.309] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.310] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.310] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.310] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.310] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.310] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.310] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.310] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.310] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.310] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.310] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.310] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.310] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.311] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.311] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.311] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.311] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.311] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.311] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.311] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.311] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.311] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.311] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.311] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.311] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.312] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.312] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.312] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0053.312] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0056.294] SetFilePointerEx (in: hFile=0x364, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0056.294] SetFilePointerEx (in: hFile=0x364, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0056.294] CreateFileW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\ACWZLIB.ACCDE.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\program files\\microsoft office\\root\\office16\\accwiz\\acwzlib.accde.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x220, hTemplateFile=0x0) returned 0x368 [0056.295] ReadFile (in: hFile=0x364, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0056.399] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0056.421] ReadFile (in: hFile=0x364, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0xedf00, lpOverlapped=0x0) returned 1 [0056.494] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xedf10, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xedf10, lpOverlapped=0x0) returned 1 [0056.512] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0056.512] SetFilePointerEx (in: hFile=0x364, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0056.512] SetFilePointerEx (in: hFile=0x364, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0056.512] WriteFile (in: hFile=0x364, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0056.558] WriteFile (in: hFile=0x364, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xedefe, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0xedefe, lpOverlapped=0x0) returned 1 [0056.584] FlushFileBuffers (hFile=0x364) returned 1 [0064.334] FlushFileBuffers (hFile=0x368) returned 1 [0064.389] CloseHandle (hObject=0x364) returned 1 [0064.390] CloseHandle (hObject=0x368) returned 1 [0064.699] DeleteFileW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\ACWZLIB.ACCDE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\accwiz\\acwzlib.accde")) returned 1 [0064.725] CreateFileW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\ACWZTOOL.ACCDE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\accwiz\\acwztool.accde"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0064.725] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=11493376) returned 1 [0064.725] CloseHandle (hObject=0x368) returned 1 [0064.725] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\ACWZTOOL.ACCDE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\accwiz\\acwztool.accde")) returned 0x220 [0064.725] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\ACWZTOOL.ACCDE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\accwiz\\acwztool.accde")) returned 0x220 [0064.725] GetFileAttributesW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\ACWZTOOL.ACCDE.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\program files\\microsoft office\\root\\office16\\accwiz\\acwztool.accde.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0064.725] CreateFileW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\ACWZTOOL.ACCDE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\accwiz\\acwztool.accde"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0064.725] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0064.725] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0064.726] CreateFileW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\ACWZTOOL.ACCDE.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\program files\\microsoft office\\root\\office16\\accwiz\\acwztool.accde.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x220, hTemplateFile=0x0) returned 0x330 [0064.726] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0064.986] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0065.009] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0065.209] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0065.413] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0065.438] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0065.665] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0065.688] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0065.933] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0065.955] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0066.118] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0066.141] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0066.288] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0066.309] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0066.949] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0067.135] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0067.158] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0067.275] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0067.297] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0067.415] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0067.436] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x55600, lpOverlapped=0x0) returned 1 [0067.440] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x55610, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x55610, lpOverlapped=0x0) returned 1 [0067.499] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0067.499] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0067.499] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0067.499] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0067.515] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0067.705] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0067.718] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0067.911] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0068.262] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0068.276] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0068.291] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0068.706] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0068.721] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0069.065] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x555ec, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x555ec, lpOverlapped=0x0) returned 1 [0069.066] FlushFileBuffers (hFile=0x368) returned 1 [0069.486] FlushFileBuffers (hFile=0x330) returned 1 [0069.929] CloseHandle (hObject=0x368) returned 1 [0070.976] CloseHandle (hObject=0x330) returned 1 [0072.541] DeleteFileW (lpFileName="\\\\?\\C:\\Program Files\\Microsoft Office\\root\\Office16\\ACCWIZ\\ACWZTOOL.ACCDE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\accwiz\\acwztool.accde")) returned 1 [0072.542] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\SmsRouter\\MessageStore\\SmsInterceptStore.db" (normalized: "c:\\programdata\\microsoft\\smsrouter\\messagestore\\smsinterceptstore.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0072.543] GetFileSizeEx (in: hFile=0x330, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=196608) returned 1 [0072.543] CloseHandle (hObject=0x330) returned 1 [0072.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\SmsRouter\\MessageStore\\SmsInterceptStore.db" (normalized: "c:\\programdata\\microsoft\\smsrouter\\messagestore\\smsinterceptstore.db")) returned 0x20 [0072.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\SmsRouter\\MessageStore\\SmsInterceptStore.db" (normalized: "c:\\programdata\\microsoft\\smsrouter\\messagestore\\smsinterceptstore.db")) returned 0x20 [0072.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\SmsRouter\\MessageStore\\SmsInterceptStore.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\programdata\\microsoft\\smsrouter\\messagestore\\smsinterceptstore.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0072.544] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\SmsRouter\\MessageStore\\SmsInterceptStore.db" (normalized: "c:\\programdata\\microsoft\\smsrouter\\messagestore\\smsinterceptstore.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0072.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0072.544] GetFileSizeEx (in: hFile=0x330, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=16384) returned 1 [0072.544] CloseHandle (hObject=0x330) returned 1 [0072.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db")) returned 0x20 [0072.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db")) returned 0x20 [0072.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0072.545] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0072.545] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0072.545] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0072.545] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x32c [0072.545] ReadFile (in: hFile=0x330, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x4000, lpOverlapped=0x0) returned 1 [0072.548] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x4010, lpOverlapped=0x0) returned 1 [0072.549] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0072.549] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0072.549] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0072.550] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x4000, lpOverlapped=0x0) returned 1 [0072.550] FlushFileBuffers (hFile=0x330) returned 1 [0072.614] FlushFileBuffers (hFile=0x32c) returned 1 [0072.616] CloseHandle (hObject=0x330) returned 1 [0072.617] CloseHandle (hObject=0x32c) returned 1 [0072.618] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db")) returned 1 [0072.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0072.620] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=0) returned 1 [0072.620] CloseHandle (hObject=0x32c) returned 1 [0072.620] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\iconcache.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0072.620] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=69904) returned 1 [0072.620] CloseHandle (hObject=0x32c) returned 1 [0072.620] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\iconcache.db")) returned 0x22 [0072.620] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\iconcache.db")) returned 0x22 [0072.620] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\IconCache.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\iconcache.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0072.620] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\iconcache.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0072.621] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0072.621] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0072.621] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\IconCache.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\iconcache.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x22, hTemplateFile=0x0) returned 0x330 [0072.621] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x11110, lpOverlapped=0x0) returned 1 [0072.623] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x11120, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x11120, lpOverlapped=0x0) returned 1 [0072.625] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0072.625] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0072.625] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0072.625] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x11110, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x11110, lpOverlapped=0x0) returned 1 [0072.625] FlushFileBuffers (hFile=0x32c) returned 1 [0072.627] FlushFileBuffers (hFile=0x330) returned 1 [0072.628] CloseHandle (hObject=0x32c) returned 1 [0072.630] CloseHandle (hObject=0x330) returned 1 [0072.637] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\iconcache.db")) returned 1 [0072.638] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Internet Explorer\\Indexed DB\\AppQuota.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\internet explorer\\indexed db\\appquota.edb"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0072.640] GetFileSizeEx (in: hFile=0x330, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=1572864) returned 1 [0072.640] CloseHandle (hObject=0x330) returned 1 [0072.640] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Internet Explorer\\Indexed DB\\AppQuota.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\internet explorer\\indexed db\\appquota.edb")) returned 0x220 [0072.640] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Internet Explorer\\Indexed DB\\AppQuota.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\internet explorer\\indexed db\\appquota.edb")) returned 0x220 [0072.640] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Internet Explorer\\Indexed DB\\AppQuota.edb.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\internet explorer\\indexed db\\appquota.edb.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0072.641] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Internet Explorer\\Indexed DB\\AppQuota.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\internet explorer\\indexed db\\appquota.edb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0072.641] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0072.641] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0072.641] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Internet Explorer\\Indexed DB\\AppQuota.edb.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\internet explorer\\indexed db\\appquota.edb.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x220, hTemplateFile=0x0) returned 0x32c [0072.641] ReadFile (in: hFile=0x330, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0072.677] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0072.872] ReadFile (in: hFile=0x330, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x6ff00, lpOverlapped=0x0) returned 1 [0072.878] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x6ff10, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x6ff10, lpOverlapped=0x0) returned 1 [0072.886] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0072.887] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0072.887] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0072.887] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0072.892] WriteFile (in: hFile=0x330, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x6fefe, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x6fefe, lpOverlapped=0x0) returned 1 [0072.893] FlushFileBuffers (hFile=0x330) returned 1 [0074.242] FlushFileBuffers (hFile=0x32c) returned 1 [0074.282] CloseHandle (hObject=0x330) returned 1 [0074.316] CloseHandle (hObject=0x32c) returned 1 [0074.602] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Internet Explorer\\Indexed DB\\AppQuota.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\internet explorer\\indexed db\\appquota.edb")) returned 1 [0074.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0074.616] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=16384) returned 1 [0074.616] CloseHandle (hObject=0x32c) returned 1 [0074.616] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")) returned 0x20 [0074.616] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")) returned 0x20 [0074.616] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0074.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0074.617] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0074.617] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0074.617] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x368 [0074.617] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x4000, lpOverlapped=0x0) returned 1 [0074.618] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x4010, lpOverlapped=0x0) returned 1 [0074.622] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0074.623] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0074.623] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0074.623] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x4000, lpOverlapped=0x0) returned 1 [0074.623] FlushFileBuffers (hFile=0x32c) returned 1 [0074.626] FlushFileBuffers (hFile=0x368) returned 1 [0074.628] CloseHandle (hObject=0x32c) returned 1 [0074.628] CloseHandle (hObject=0x368) returned 1 [0074.630] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")) returned 1 [0074.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0074.631] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=16384) returned 1 [0074.631] CloseHandle (hObject=0x368) returned 1 [0074.631] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db")) returned 0x20 [0074.632] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db")) returned 0x20 [0074.632] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0074.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0074.632] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0074.632] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0074.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x32c [0074.633] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x4000, lpOverlapped=0x0) returned 1 [0074.634] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x4010, lpOverlapped=0x0) returned 1 [0074.639] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0074.639] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0074.639] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0074.639] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x4000, lpOverlapped=0x0) returned 1 [0074.639] FlushFileBuffers (hFile=0x368) returned 1 [0074.642] FlushFileBuffers (hFile=0x32c) returned 1 [0074.644] CloseHandle (hObject=0x368) returned 1 [0074.645] CloseHandle (hObject=0x32c) returned 1 [0074.646] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db")) returned 0 [0074.647] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{2B16BD47-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{2b16bd47-b905-4d30-88c9-b63c603da134}.3.ver0x0000000000000001.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0074.647] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=413432) returned 1 [0074.647] CloseHandle (hObject=0x32c) returned 1 [0074.647] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{2B16BD47-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{2b16bd47-b905-4d30-88c9-b63c603da134}.3.ver0x0000000000000001.db")) returned 0x20 [0074.647] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{2B16BD47-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{2b16bd47-b905-4d30-88c9-b63c603da134}.3.ver0x0000000000000001.db")) returned 0x20 [0074.647] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{2B16BD47-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{2b16bd47-b905-4d30-88c9-b63c603da134}.3.ver0x0000000000000001.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0074.647] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{2B16BD47-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{2b16bd47-b905-4d30-88c9-b63c603da134}.3.ver0x0000000000000001.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0074.648] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0074.648] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0074.648] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{2B16BD47-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{2b16bd47-b905-4d30-88c9-b63c603da134}.3.ver0x0000000000000001.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x368 [0074.648] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x64ef8, lpOverlapped=0x0) returned 1 [0074.656] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x64f00, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x64f00, lpOverlapped=0x0) returned 1 [0074.663] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x162, lpOverlapped=0x0) returned 1 [0074.664] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0074.664] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0074.664] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x64ef8, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x64ef8, lpOverlapped=0x0) returned 1 [0074.665] FlushFileBuffers (hFile=0x32c) returned 1 [0074.673] FlushFileBuffers (hFile=0x368) returned 1 [0074.674] CloseHandle (hObject=0x32c) returned 1 [0074.684] CloseHandle (hObject=0x368) returned 1 [0074.692] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{2B16BD47-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{2b16bd47-b905-4d30-88c9-b63c603da134}.3.ver0x0000000000000001.db")) returned 1 [0074.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000030.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000030.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0074.697] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=100824) returned 1 [0074.697] CloseHandle (hObject=0x368) returned 1 [0074.697] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000030.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000030.db")) returned 0x20 [0074.697] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000030.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000030.db")) returned 0x20 [0074.697] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000030.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000030.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0074.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000030.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000030.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0074.697] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0074.697] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0074.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000030.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000030.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x32c [0074.698] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x189d8, lpOverlapped=0x0) returned 1 [0074.700] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x189e0, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x189e0, lpOverlapped=0x0) returned 1 [0074.702] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x162, lpOverlapped=0x0) returned 1 [0074.703] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0074.703] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0074.703] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x189d8, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x189d8, lpOverlapped=0x0) returned 1 [0074.703] FlushFileBuffers (hFile=0x368) returned 1 [0074.706] FlushFileBuffers (hFile=0x32c) returned 1 [0074.708] CloseHandle (hObject=0x368) returned 1 [0074.710] CloseHandle (hObject=0x32c) returned 1 [0074.715] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000030.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000030.db")) returned 0 [0074.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000031.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000031.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0074.716] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=95104) returned 1 [0074.716] CloseHandle (hObject=0x32c) returned 1 [0074.716] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000031.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000031.db")) returned 0x20 [0074.716] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000031.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000031.db")) returned 0x20 [0074.716] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000031.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000031.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0074.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000031.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000031.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0074.716] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0074.716] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0074.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000031.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000031.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x368 [0074.717] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x17380, lpOverlapped=0x0) returned 1 [0074.719] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x17390, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x17390, lpOverlapped=0x0) returned 1 [0074.721] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x162, lpOverlapped=0x0) returned 1 [0074.721] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0074.721] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0074.721] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x17380, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x17380, lpOverlapped=0x0) returned 1 [0074.722] FlushFileBuffers (hFile=0x32c) returned 1 [0074.725] FlushFileBuffers (hFile=0x368) returned 1 [0074.726] CloseHandle (hObject=0x32c) returned 1 [0074.731] CloseHandle (hObject=0x368) returned 1 [0074.734] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000031.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x0000000000000031.db")) returned 0 [0074.734] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0074.734] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=130512) returned 1 [0074.734] CloseHandle (hObject=0x368) returned 1 [0074.734] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db")) returned 0x20 [0074.734] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db")) returned 0x20 [0074.735] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0074.735] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0074.735] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0074.735] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0074.735] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x32c [0074.735] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x1fdd0, lpOverlapped=0x0) returned 1 [0074.739] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x1fde0, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x1fde0, lpOverlapped=0x0) returned 1 [0074.741] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x162, lpOverlapped=0x0) returned 1 [0074.742] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0074.742] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0074.742] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x1fdd0, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x1fdd0, lpOverlapped=0x0) returned 1 [0074.742] FlushFileBuffers (hFile=0x368) returned 1 [0074.745] FlushFileBuffers (hFile=0x32c) returned 1 [0074.746] CloseHandle (hObject=0x368) returned 1 [0074.749] CloseHandle (hObject=0x32c) returned 1 [0074.752] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db")) returned 1 [0074.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001c.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0074.754] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=118080) returned 1 [0074.754] CloseHandle (hObject=0x32c) returned 1 [0074.754] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001c.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db")) returned 0x20 [0074.754] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001c.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db")) returned 0x20 [0074.754] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001c.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0074.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001c.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0074.754] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0074.755] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0074.755] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001c.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x368 [0074.755] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x1cd40, lpOverlapped=0x0) returned 1 [0074.758] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x1cd50, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x1cd50, lpOverlapped=0x0) returned 1 [0074.872] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x162, lpOverlapped=0x0) returned 1 [0074.872] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0074.872] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0074.872] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x1cd40, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x1cd40, lpOverlapped=0x0) returned 1 [0074.873] FlushFileBuffers (hFile=0x32c) returned 1 [0074.880] FlushFileBuffers (hFile=0x368) returned 1 [0075.035] CloseHandle (hObject=0x32c) returned 1 [0075.038] CloseHandle (hObject=0x368) returned 1 [0075.043] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001c.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db")) returned 0 [0075.044] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_1280.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_1280.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.044] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.044] CloseHandle (hObject=0x368) returned 1 [0075.044] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_1280.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_1280.db")) returned 0x2020 [0075.044] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_1280.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_1280.db")) returned 0x2020 [0075.044] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_1280.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_1280.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.044] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_1280.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_1280.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.044] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.045] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_1280.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_1280.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x32c [0075.045] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.046] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.047] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0075.047] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.047] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.047] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.047] FlushFileBuffers (hFile=0x368) returned 1 [0075.050] FlushFileBuffers (hFile=0x32c) returned 1 [0075.065] CloseHandle (hObject=0x368) returned 1 [0075.065] CloseHandle (hObject=0x32c) returned 1 [0075.066] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_1280.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_1280.db")) returned 1 [0075.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.067] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=1048576) returned 1 [0075.067] CloseHandle (hObject=0x32c) returned 1 [0075.067] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db")) returned 0x2020 [0075.067] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db")) returned 0x2020 [0075.068] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.068] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0075.068] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_1920.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_1920.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.069] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.069] CloseHandle (hObject=0x32c) returned 1 [0075.069] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_1920.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_1920.db")) returned 0x2020 [0075.069] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_1920.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_1920.db")) returned 0x2020 [0075.069] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_1920.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_1920.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_1920.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_1920.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.069] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.069] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_1920.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_1920.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x368 [0075.069] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.070] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.071] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0075.071] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.073] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.073] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.073] FlushFileBuffers (hFile=0x32c) returned 1 [0075.075] FlushFileBuffers (hFile=0x368) returned 1 [0075.076] CloseHandle (hObject=0x32c) returned 1 [0075.077] CloseHandle (hObject=0x368) returned 1 [0075.077] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_1920.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_1920.db")) returned 1 [0075.078] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_256.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_256.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.079] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=1048576) returned 1 [0075.079] CloseHandle (hObject=0x368) returned 1 [0075.079] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_256.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_256.db")) returned 0x2020 [0075.079] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_256.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_256.db")) returned 0x2020 [0075.079] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_256.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_256.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.079] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_256.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_256.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0075.079] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_2560.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_2560.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.079] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.079] CloseHandle (hObject=0x368) returned 1 [0075.080] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_2560.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_2560.db")) returned 0x2020 [0075.080] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_2560.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_2560.db")) returned 0x2020 [0075.080] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_2560.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_2560.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_2560.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_2560.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.080] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.080] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_2560.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_2560.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x32c [0075.080] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.081] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.082] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0075.082] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.082] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.083] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.083] FlushFileBuffers (hFile=0x368) returned 1 [0075.085] FlushFileBuffers (hFile=0x32c) returned 1 [0075.087] CloseHandle (hObject=0x368) returned 1 [0075.087] CloseHandle (hObject=0x32c) returned 1 [0075.088] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_2560.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_2560.db")) returned 1 [0075.089] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.089] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=3145728) returned 1 [0075.089] CloseHandle (hObject=0x32c) returned 1 [0075.089] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db")) returned 0x2020 [0075.089] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db")) returned 0x2020 [0075.089] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.089] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0075.090] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.090] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=3145728) returned 1 [0075.090] CloseHandle (hObject=0x32c) returned 1 [0075.090] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")) returned 0x2020 [0075.090] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")) returned 0x2020 [0075.090] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.090] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0075.090] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_768.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_768.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.091] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.091] CloseHandle (hObject=0x32c) returned 1 [0075.091] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_768.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_768.db")) returned 0x2020 [0075.091] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_768.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_768.db")) returned 0x2020 [0075.091] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_768.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_768.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.091] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_768.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_768.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.091] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.091] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.091] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_768.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_768.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x368 [0075.091] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.092] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.093] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0075.093] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.093] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.094] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.094] FlushFileBuffers (hFile=0x32c) returned 1 [0075.096] FlushFileBuffers (hFile=0x368) returned 1 [0075.097] CloseHandle (hObject=0x32c) returned 1 [0075.097] CloseHandle (hObject=0x368) returned 1 [0075.098] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_768.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_768.db")) returned 1 [0075.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_96.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_96.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.099] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.099] CloseHandle (hObject=0x368) returned 1 [0075.099] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_96.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_96.db")) returned 0x2020 [0075.099] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_96.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_96.db")) returned 0x2020 [0075.100] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_96.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_96.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.100] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_96.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_96.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.100] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.100] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.100] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_96.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_96.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x32c [0075.100] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.101] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.102] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0075.102] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.102] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.102] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.102] FlushFileBuffers (hFile=0x368) returned 1 [0075.104] FlushFileBuffers (hFile=0x32c) returned 1 [0075.106] CloseHandle (hObject=0x368) returned 1 [0075.106] CloseHandle (hObject=0x32c) returned 1 [0075.107] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_96.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_96.db")) returned 1 [0075.108] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_custom_stream.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_custom_stream.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.109] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.109] CloseHandle (hObject=0x32c) returned 1 [0075.109] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_custom_stream.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_custom_stream.db")) returned 0x2020 [0075.109] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_custom_stream.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_custom_stream.db")) returned 0x2020 [0075.109] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_custom_stream.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_custom_stream.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_custom_stream.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_custom_stream.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.109] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.109] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_custom_stream.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_custom_stream.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x368 [0075.109] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.110] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.111] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x112, lpOverlapped=0x0) returned 1 [0075.111] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.111] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.111] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.112] FlushFileBuffers (hFile=0x32c) returned 1 [0075.113] FlushFileBuffers (hFile=0x368) returned 1 [0075.115] CloseHandle (hObject=0x32c) returned 1 [0075.115] CloseHandle (hObject=0x368) returned 1 [0075.116] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_custom_stream.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_custom_stream.db")) returned 1 [0075.117] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_exif.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_exif.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.117] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.117] CloseHandle (hObject=0x368) returned 1 [0075.117] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_exif.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_exif.db")) returned 0x2020 [0075.117] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_exif.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_exif.db")) returned 0x2020 [0075.117] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_exif.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_exif.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.118] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_exif.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_exif.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.118] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.118] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.118] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_exif.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_exif.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x32c [0075.118] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.119] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.120] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0075.120] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.120] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.120] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.120] FlushFileBuffers (hFile=0x368) returned 1 [0075.122] FlushFileBuffers (hFile=0x32c) returned 1 [0075.124] CloseHandle (hObject=0x368) returned 1 [0075.124] CloseHandle (hObject=0x32c) returned 1 [0075.125] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_exif.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_exif.db")) returned 1 [0075.126] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.126] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=116496) returned 1 [0075.126] CloseHandle (hObject=0x32c) returned 1 [0075.126] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")) returned 0x2020 [0075.126] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")) returned 0x2020 [0075.126] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.126] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0075.127] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_sr.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_sr.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.127] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.127] CloseHandle (hObject=0x32c) returned 1 [0075.127] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_sr.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_sr.db")) returned 0x2020 [0075.127] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_sr.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_sr.db")) returned 0x2020 [0075.127] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_sr.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_sr.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.127] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_sr.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_sr.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.127] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.127] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.127] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_sr.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_sr.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x368 [0075.128] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.128] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.129] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0075.129] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.130] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.130] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.130] FlushFileBuffers (hFile=0x32c) returned 1 [0075.133] FlushFileBuffers (hFile=0x368) returned 1 [0075.135] CloseHandle (hObject=0x32c) returned 1 [0075.136] CloseHandle (hObject=0x368) returned 1 [0075.136] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_sr.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_sr.db")) returned 1 [0075.137] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_wide.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_wide.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.137] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.137] CloseHandle (hObject=0x368) returned 1 [0075.138] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_wide.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_wide.db")) returned 0x2020 [0075.138] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_wide.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_wide.db")) returned 0x2020 [0075.138] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_wide.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_wide.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.138] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_wide.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_wide.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.138] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.138] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.138] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_wide.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_wide.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x32c [0075.138] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.139] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.140] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0075.140] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.140] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.140] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.140] FlushFileBuffers (hFile=0x368) returned 1 [0075.142] FlushFileBuffers (hFile=0x32c) returned 1 [0075.147] CloseHandle (hObject=0x368) returned 1 [0075.148] CloseHandle (hObject=0x32c) returned 1 [0075.152] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_wide.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_wide.db")) returned 1 [0075.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_wide_alternate.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_wide_alternate.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.159] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.159] CloseHandle (hObject=0x32c) returned 1 [0075.159] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_wide_alternate.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_wide_alternate.db")) returned 0x2020 [0075.159] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_wide_alternate.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_wide_alternate.db")) returned 0x2020 [0075.159] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_wide_alternate.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_wide_alternate.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_wide_alternate.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_wide_alternate.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.160] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.160] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.160] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_wide_alternate.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_wide_alternate.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x368 [0075.160] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.161] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.162] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x112, lpOverlapped=0x0) returned 1 [0075.162] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.162] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.162] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.162] FlushFileBuffers (hFile=0x32c) returned 1 [0075.164] FlushFileBuffers (hFile=0x368) returned 1 [0075.166] CloseHandle (hObject=0x32c) returned 1 [0075.167] CloseHandle (hObject=0x368) returned 1 [0075.167] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_wide_alternate.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_wide_alternate.db")) returned 1 [0075.168] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1280.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1280.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.168] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.169] CloseHandle (hObject=0x368) returned 1 [0075.169] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1280.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1280.db")) returned 0x2020 [0075.169] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1280.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1280.db")) returned 0x2020 [0075.169] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1280.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1280.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1280.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1280.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.169] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.169] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1280.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1280.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x32c [0075.169] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.170] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.171] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0075.171] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.171] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.171] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.172] FlushFileBuffers (hFile=0x368) returned 1 [0075.173] FlushFileBuffers (hFile=0x32c) returned 1 [0075.175] CloseHandle (hObject=0x368) returned 1 [0075.175] CloseHandle (hObject=0x32c) returned 1 [0075.176] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1280.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1280.db")) returned 1 [0075.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_16.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_16.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.177] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=1048576) returned 1 [0075.177] CloseHandle (hObject=0x32c) returned 1 [0075.177] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_16.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_16.db")) returned 0x2020 [0075.177] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_16.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_16.db")) returned 0x2020 [0075.177] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_16.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_16.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.178] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_16.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_16.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.178] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.178] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.178] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_16.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_16.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x368 [0075.178] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x100000, lpOverlapped=0x0) returned 1 [0075.205] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x100010, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x100010, lpOverlapped=0x0) returned 1 [0075.326] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0075.326] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.326] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.326] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x100000, lpOverlapped=0x0) returned 1 [0075.329] FlushFileBuffers (hFile=0x32c) returned 1 [0075.341] FlushFileBuffers (hFile=0x368) returned 1 [0075.343] CloseHandle (hObject=0x32c) returned 1 [0075.367] CloseHandle (hObject=0x368) returned 1 [0075.543] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_16.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_16.db")) returned 1 [0075.551] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1920.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1920.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.552] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.552] CloseHandle (hObject=0x368) returned 1 [0075.552] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1920.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1920.db")) returned 0x2020 [0075.552] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1920.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1920.db")) returned 0x2020 [0075.552] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1920.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1920.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.552] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1920.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1920.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.552] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.552] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.553] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1920.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1920.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x32c [0075.553] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.554] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.555] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0075.555] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.555] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.555] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.555] FlushFileBuffers (hFile=0x368) returned 1 [0075.558] FlushFileBuffers (hFile=0x32c) returned 1 [0075.560] CloseHandle (hObject=0x368) returned 1 [0075.560] CloseHandle (hObject=0x32c) returned 1 [0075.561] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1920.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1920.db")) returned 1 [0075.562] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.562] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=1048576) returned 1 [0075.562] CloseHandle (hObject=0x32c) returned 1 [0075.562] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db")) returned 0x2020 [0075.562] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db")) returned 0x2020 [0075.562] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.562] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0075.562] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_2560.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_2560.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.563] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.563] CloseHandle (hObject=0x32c) returned 1 [0075.563] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_2560.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_2560.db")) returned 0x2020 [0075.563] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_2560.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_2560.db")) returned 0x2020 [0075.563] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_2560.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_2560.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.563] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_2560.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_2560.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.563] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.563] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.563] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_2560.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_2560.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x368 [0075.564] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.564] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.565] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0075.566] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.566] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.566] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.566] FlushFileBuffers (hFile=0x32c) returned 1 [0075.580] FlushFileBuffers (hFile=0x368) returned 1 [0075.582] CloseHandle (hObject=0x32c) returned 1 [0075.582] CloseHandle (hObject=0x368) returned 1 [0075.583] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_2560.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_2560.db")) returned 1 [0075.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.584] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=1048576) returned 1 [0075.584] CloseHandle (hObject=0x368) returned 1 [0075.584] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db")) returned 0x2020 [0075.584] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db")) returned 0x2020 [0075.584] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0075.585] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.585] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=1048576) returned 1 [0075.585] CloseHandle (hObject=0x368) returned 1 [0075.585] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db")) returned 0x2020 [0075.585] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db")) returned 0x2020 [0075.585] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.585] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0075.585] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_768.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_768.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.586] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.586] CloseHandle (hObject=0x368) returned 1 [0075.586] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_768.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_768.db")) returned 0x2020 [0075.586] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_768.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_768.db")) returned 0x2020 [0075.586] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_768.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_768.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.586] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_768.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_768.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.586] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.586] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.586] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_768.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_768.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x32c [0075.587] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.588] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.589] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0075.589] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.589] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.589] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.589] FlushFileBuffers (hFile=0x368) returned 1 [0075.591] FlushFileBuffers (hFile=0x32c) returned 1 [0075.593] CloseHandle (hObject=0x368) returned 1 [0075.593] CloseHandle (hObject=0x32c) returned 1 [0075.594] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_768.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_768.db")) returned 1 [0075.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.595] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.595] CloseHandle (hObject=0x32c) returned 1 [0075.595] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db")) returned 0x2020 [0075.595] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db")) returned 0x2020 [0075.595] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.596] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.596] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x368 [0075.596] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.597] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.598] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0075.598] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.598] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.598] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.598] FlushFileBuffers (hFile=0x32c) returned 1 [0075.600] FlushFileBuffers (hFile=0x368) returned 1 [0075.602] CloseHandle (hObject=0x32c) returned 1 [0075.602] CloseHandle (hObject=0x368) returned 1 [0075.602] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db")) returned 1 [0075.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_custom_stream.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_custom_stream.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.604] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.604] CloseHandle (hObject=0x368) returned 1 [0075.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_custom_stream.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_custom_stream.db")) returned 0x2020 [0075.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_custom_stream.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_custom_stream.db")) returned 0x2020 [0075.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_custom_stream.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_custom_stream.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.605] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_custom_stream.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_custom_stream.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.605] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.605] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.605] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_custom_stream.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_custom_stream.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x32c [0075.605] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.606] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.607] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x112, lpOverlapped=0x0) returned 1 [0075.607] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.607] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.607] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.607] FlushFileBuffers (hFile=0x368) returned 1 [0075.609] FlushFileBuffers (hFile=0x32c) returned 1 [0075.611] CloseHandle (hObject=0x368) returned 1 [0075.611] CloseHandle (hObject=0x32c) returned 1 [0075.612] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_custom_stream.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_custom_stream.db")) returned 1 [0075.613] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_exif.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_exif.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.613] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.613] CloseHandle (hObject=0x32c) returned 1 [0075.613] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_exif.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_exif.db")) returned 0x2020 [0075.613] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_exif.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_exif.db")) returned 0x2020 [0075.613] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_exif.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_exif.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.613] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_exif.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_exif.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.613] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.613] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.614] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_exif.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_exif.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x368 [0075.614] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.615] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.616] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0075.616] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.616] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.616] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.616] FlushFileBuffers (hFile=0x32c) returned 1 [0075.618] FlushFileBuffers (hFile=0x368) returned 1 [0075.619] CloseHandle (hObject=0x32c) returned 1 [0075.620] CloseHandle (hObject=0x368) returned 1 [0075.620] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_exif.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_exif.db")) returned 1 [0075.621] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.621] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=7416) returned 1 [0075.622] CloseHandle (hObject=0x368) returned 1 [0075.622] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db")) returned 0x2020 [0075.622] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db")) returned 0x2020 [0075.622] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.622] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0075.622] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.622] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.622] CloseHandle (hObject=0x368) returned 1 [0075.622] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db")) returned 0x2020 [0075.622] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db")) returned 0x2020 [0075.623] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.623] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.623] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.623] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.623] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x32c [0075.623] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.624] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.625] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0075.625] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.625] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.625] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.625] FlushFileBuffers (hFile=0x368) returned 1 [0075.627] FlushFileBuffers (hFile=0x32c) returned 1 [0075.629] CloseHandle (hObject=0x368) returned 1 [0075.629] CloseHandle (hObject=0x32c) returned 1 [0075.630] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db")) returned 1 [0075.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_wide.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_wide.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.631] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.631] CloseHandle (hObject=0x32c) returned 1 [0075.631] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_wide.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_wide.db")) returned 0x2020 [0075.631] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_wide.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_wide.db")) returned 0x2020 [0075.631] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_wide.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_wide.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_wide.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_wide.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.631] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.631] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_wide.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_wide.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x368 [0075.632] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.633] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.634] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0075.634] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.634] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.634] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.634] FlushFileBuffers (hFile=0x32c) returned 1 [0075.636] FlushFileBuffers (hFile=0x368) returned 1 [0075.638] CloseHandle (hObject=0x32c) returned 1 [0075.638] CloseHandle (hObject=0x368) returned 1 [0075.642] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_wide.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_wide.db")) returned 1 [0075.643] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_wide_alternate.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_wide_alternate.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.643] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=24) returned 1 [0075.643] CloseHandle (hObject=0x368) returned 1 [0075.643] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_wide_alternate.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_wide_alternate.db")) returned 0x2020 [0075.643] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_wide_alternate.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_wide_alternate.db")) returned 0x2020 [0075.643] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_wide_alternate.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_wide_alternate.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.643] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_wide_alternate.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_wide_alternate.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0075.643] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.643] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.643] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_wide_alternate.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_wide_alternate.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x32c [0075.644] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18, lpOverlapped=0x0) returned 1 [0075.645] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x20, lpOverlapped=0x0) returned 1 [0075.646] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x112, lpOverlapped=0x0) returned 1 [0075.646] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.646] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0075.646] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18, lpOverlapped=0x0) returned 1 [0075.646] FlushFileBuffers (hFile=0x368) returned 1 [0075.649] FlushFileBuffers (hFile=0x32c) returned 1 [0075.651] CloseHandle (hObject=0x368) returned 1 [0075.651] CloseHandle (hObject=0x32c) returned 1 [0075.653] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_wide_alternate.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_wide_alternate.db")) returned 1 [0075.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpndatabase.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\notifications\\wpndatabase.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.654] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=1048576) returned 1 [0075.654] CloseHandle (hObject=0x32c) returned 1 [0075.654] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpndatabase.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\notifications\\wpndatabase.db")) returned 0x20 [0075.655] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpndatabase.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\notifications\\wpndatabase.db")) returned 0x20 [0075.655] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpndatabase.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\notifications\\wpndatabase.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.655] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpndatabase.db" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\notifications\\wpndatabase.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0075.655] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpndatabase.db-shm" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\notifications\\wpndatabase.db-shm"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.655] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=32768) returned 1 [0075.655] CloseHandle (hObject=0x32c) returned 1 [0075.655] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpndatabase.db-shm" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\notifications\\wpndatabase.db-shm")) returned 0x20 [0075.655] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpndatabase.db-shm" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\notifications\\wpndatabase.db-shm")) returned 0x20 [0075.655] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpndatabase.db-shm.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\notifications\\wpndatabase.db-shm.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.655] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpndatabase.db-shm" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\notifications\\wpndatabase.db-shm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0075.656] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpndatabase.db-wal" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\notifications\\wpndatabase.db-wal"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.656] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=49472) returned 1 [0075.656] CloseHandle (hObject=0x32c) returned 1 [0075.656] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpndatabase.db-wal" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\notifications\\wpndatabase.db-wal")) returned 0x20 [0075.656] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpndatabase.db-wal" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\notifications\\wpndatabase.db-wal")) returned 0x20 [0075.656] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpndatabase.db-wal.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\notifications\\wpndatabase.db-wal.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.656] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpndatabase.db-wal" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\notifications\\wpndatabase.db-wal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0075.656] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\SettingSync\\metastore\\meta.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\settingsync\\metastore\\meta.edb"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.658] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=1441792) returned 1 [0075.658] CloseHandle (hObject=0x32c) returned 1 [0075.658] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\SettingSync\\metastore\\meta.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\settingsync\\metastore\\meta.edb")) returned 0x20 [0075.658] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\SettingSync\\metastore\\meta.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\settingsync\\metastore\\meta.edb")) returned 0x20 [0075.658] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\SettingSync\\metastore\\meta.edb.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\settingsync\\metastore\\meta.edb.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.659] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\SettingSync\\metastore\\meta.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\settingsync\\metastore\\meta.edb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0075.659] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.659] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0075.659] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\SettingSync\\metastore\\meta.edb.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\settingsync\\metastore\\meta.edb.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x368 [0075.659] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0075.931] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0076.200] ReadFile (in: hFile=0x32c, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x4ff00, lpOverlapped=0x0) returned 1 [0076.204] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x4ff10, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x4ff10, lpOverlapped=0x0) returned 1 [0076.211] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0076.211] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0076.211] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0076.211] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0076.218] WriteFile (in: hFile=0x32c, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x4fefe, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x4fefe, lpOverlapped=0x0) returned 1 [0076.218] FlushFileBuffers (hFile=0x32c) returned 1 [0076.232] FlushFileBuffers (hFile=0x368) returned 1 [0076.543] CloseHandle (hObject=0x32c) returned 1 [0076.568] CloseHandle (hObject=0x368) returned 1 [0076.960] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Windows\\SettingSync\\metastore\\meta.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\windows\\settingsync\\metastore\\meta.edb")) returned 1 [0076.961] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\mozilla\\firefox\\profiles\\w7cr0hor.default\\offlinecache\\index.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0076.961] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=262144) returned 1 [0076.962] CloseHandle (hObject=0x368) returned 1 [0076.962] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\mozilla\\firefox\\profiles\\w7cr0hor.default\\offlinecache\\index.sqlite")) returned 0x20 [0076.962] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\mozilla\\firefox\\profiles\\w7cr0hor.default\\offlinecache\\index.sqlite")) returned 0x20 [0076.962] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\OfflineCache\\index.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\mozilla\\firefox\\profiles\\w7cr0hor.default\\offlinecache\\index.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0076.962] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\mozilla\\firefox\\profiles\\w7cr0hor.default\\offlinecache\\index.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0076.962] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0076.962] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0077.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\OfflineCache\\index.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\mozilla\\firefox\\profiles\\w7cr0hor.default\\offlinecache\\index.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x2bc [0077.034] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x40000, lpOverlapped=0x0) returned 1 [0077.039] WriteFile (in: hFile=0x2bc, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x40010, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x40010, lpOverlapped=0x0) returned 1 [0077.044] WriteFile (in: hFile=0x2bc, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0077.044] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0077.045] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0077.045] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x40000, lpOverlapped=0x0) returned 1 [0077.045] FlushFileBuffers (hFile=0x368) returned 1 [0077.090] FlushFileBuffers (hFile=0x2bc) returned 1 [0077.341] CloseHandle (hObject=0x368) returned 1 [0077.347] CloseHandle (hObject=0x2bc) returned 1 [0077.354] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\mozilla\\firefox\\profiles\\w7cr0hor.default\\offlinecache\\index.sqlite")) returned 1 [0077.358] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\User\\Default\\DataStore\\Data\\nouser1\\120712-0049\\DBStore\\spartan.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\user\\default\\datastore\\data\\nouser1\\120712-0049\\dbstore\\spartan.edb"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0077.369] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=2097152) returned 1 [0077.369] CloseHandle (hObject=0x2bc) returned 1 [0077.369] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\User\\Default\\DataStore\\Data\\nouser1\\120712-0049\\DBStore\\spartan.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\user\\default\\datastore\\data\\nouser1\\120712-0049\\dbstore\\spartan.edb")) returned 0x2020 [0077.369] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\User\\Default\\DataStore\\Data\\nouser1\\120712-0049\\DBStore\\spartan.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\user\\default\\datastore\\data\\nouser1\\120712-0049\\dbstore\\spartan.edb")) returned 0x2020 [0077.369] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\User\\Default\\DataStore\\Data\\nouser1\\120712-0049\\DBStore\\spartan.edb.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\user\\default\\datastore\\data\\nouser1\\120712-0049\\dbstore\\spartan.edb.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0077.369] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\User\\Default\\DataStore\\Data\\nouser1\\120712-0049\\DBStore\\spartan.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\user\\default\\datastore\\data\\nouser1\\120712-0049\\dbstore\\spartan.edb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0077.369] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0077.370] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0077.370] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\User\\Default\\DataStore\\Data\\nouser1\\120712-0049\\DBStore\\spartan.edb.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\user\\default\\datastore\\data\\nouser1\\120712-0049\\dbstore\\spartan.edb.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x2020, hTemplateFile=0x0) returned 0x368 [0077.373] ReadFile (in: hFile=0x2bc, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0077.683] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0077.934] ReadFile (in: hFile=0x2bc, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0xeff00, lpOverlapped=0x0) returned 1 [0077.944] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xeff10, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xeff10, lpOverlapped=0x0) returned 1 [0077.964] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0077.964] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0077.964] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0077.964] WriteFile (in: hFile=0x2bc, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0077.970] WriteFile (in: hFile=0x2bc, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xefefe, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0xefefe, lpOverlapped=0x0) returned 1 [0078.300] FlushFileBuffers (hFile=0x2bc) returned 1 [0078.309] FlushFileBuffers (hFile=0x368) returned 1 [0078.425] CloseHandle (hObject=0x2bc) returned 1 [0078.709] CloseHandle (hObject=0x368) returned 1 [0079.120] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\User\\Default\\DataStore\\Data\\nouser1\\120712-0049\\DBStore\\spartan.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\user\\default\\datastore\\data\\nouser1\\120712-0049\\dbstore\\spartan.edb")) returned 1 [0079.137] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AppData\\User\\Default\\Indexed DB\\IndexedDB.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\appdata\\user\\default\\indexed db\\indexeddb.edb"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0079.294] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=2621440) returned 1 [0079.294] CloseHandle (hObject=0x368) returned 1 [0079.294] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AppData\\User\\Default\\Indexed DB\\IndexedDB.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\appdata\\user\\default\\indexed db\\indexeddb.edb")) returned 0x220 [0079.294] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AppData\\User\\Default\\Indexed DB\\IndexedDB.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\appdata\\user\\default\\indexed db\\indexeddb.edb")) returned 0x220 [0079.294] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AppData\\User\\Default\\Indexed DB\\IndexedDB.edb.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\appdata\\user\\default\\indexed db\\indexeddb.edb.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0079.294] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AppData\\User\\Default\\Indexed DB\\IndexedDB.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\appdata\\user\\default\\indexed db\\indexeddb.edb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0079.295] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0079.295] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0079.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AppData\\User\\Default\\Indexed DB\\IndexedDB.edb.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\appdata\\user\\default\\indexed db\\indexeddb.edb.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x220, hTemplateFile=0x0) returned 0x304 [0079.296] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0079.345] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0079.533] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0079.788] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0079.808] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x5fe00, lpOverlapped=0x0) returned 1 [0079.812] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x5fe10, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x5fe10, lpOverlapped=0x0) returned 1 [0079.819] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0079.819] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0079.819] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0079.819] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0080.219] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0080.232] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x5fdfc, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x5fdfc, lpOverlapped=0x0) returned 1 [0080.233] FlushFileBuffers (hFile=0x368) returned 1 [0080.239] FlushFileBuffers (hFile=0x304) returned 1 [0080.757] CloseHandle (hObject=0x368) returned 1 [0080.968] CloseHandle (hObject=0x304) returned 1 [0081.414] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AppData\\User\\Default\\Indexed DB\\IndexedDB.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\appdata\\user\\default\\indexed db\\indexeddb.edb")) returned 1 [0081.419] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\IndexedDB.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\indexeddb.edb"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x304 [0081.420] GetFileSizeEx (in: hFile=0x304, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=6291456) returned 1 [0081.420] CloseHandle (hObject=0x304) returned 1 [0081.420] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\IndexedDB.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\indexeddb.edb")) returned 0x220 [0081.420] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\IndexedDB.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\indexeddb.edb")) returned 0x220 [0081.420] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\IndexedDB.edb.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\indexeddb.edb.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0081.420] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\IndexedDB.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\indexeddb.edb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x304 [0081.420] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0081.420] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0081.421] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\IndexedDB.edb.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\indexeddb.edb.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x220, hTemplateFile=0x0) returned 0x368 [0081.421] ReadFile (in: hFile=0x304, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0081.844] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0081.869] ReadFile (in: hFile=0x304, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0082.302] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0082.322] ReadFile (in: hFile=0x304, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0082.494] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0082.617] ReadFile (in: hFile=0x304, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0082.650] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0082.859] ReadFile (in: hFile=0x304, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0082.880] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0082.901] ReadFile (in: hFile=0x304, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0xafb00, lpOverlapped=0x0) returned 1 [0083.403] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xafb10, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xafb10, lpOverlapped=0x0) returned 1 [0083.417] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0083.417] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0083.417] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0083.417] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0083.433] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0083.603] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0083.617] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0083.631] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0083.784] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xafaf6, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0xafaf6, lpOverlapped=0x0) returned 1 [0083.786] FlushFileBuffers (hFile=0x304) returned 1 [0083.799] FlushFileBuffers (hFile=0x368) returned 1 [0083.943] CloseHandle (hObject=0x304) returned 1 [0083.944] CloseHandle (hObject=0x368) returned 1 [0083.944] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\IndexedDB.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\indexeddb.edb")) returned 1 [0083.956] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0083.956] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Access\\AccessCache.accdb" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\access\\accesscache.accdb"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0083.956] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=200704) returned 1 [0083.956] CloseHandle (hObject=0x368) returned 1 [0083.956] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Access\\AccessCache.accdb" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\access\\accesscache.accdb")) returned 0x20 [0083.957] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Access\\AccessCache.accdb" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\access\\accesscache.accdb")) returned 0x20 [0083.957] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Access\\AccessCache.accdb.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\access\\accesscache.accdb.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0083.957] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Access\\AccessCache.accdb" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\access\\accesscache.accdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0083.957] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0083.957] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0083.957] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Access\\AccessCache.accdb.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\access\\accesscache.accdb.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x304 [0083.957] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x31000, lpOverlapped=0x0) returned 1 [0083.963] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x31010, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x31010, lpOverlapped=0x0) returned 1 [0083.968] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0083.968] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0083.968] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0083.968] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x31000, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x31000, lpOverlapped=0x0) returned 1 [0083.969] FlushFileBuffers (hFile=0x368) returned 1 [0083.998] FlushFileBuffers (hFile=0x304) returned 1 [0084.004] CloseHandle (hObject=0x368) returned 1 [0084.005] CloseHandle (hObject=0x304) returned 1 [0084.005] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Access\\AccessCache.accdb" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\access\\accesscache.accdb")) returned 1 [0084.008] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\content-prefs.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\content-prefs.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x304 [0084.008] GetFileSizeEx (in: hFile=0x304, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=229376) returned 1 [0084.008] CloseHandle (hObject=0x304) returned 1 [0084.008] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\content-prefs.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\content-prefs.sqlite")) returned 0x20 [0084.008] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\content-prefs.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\content-prefs.sqlite")) returned 0x20 [0084.008] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\content-prefs.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\content-prefs.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.008] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\content-prefs.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\content-prefs.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x304 [0084.009] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0084.009] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0084.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\content-prefs.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\content-prefs.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x368 [0084.012] ReadFile (in: hFile=0x304, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x38000, lpOverlapped=0x0) returned 1 [0084.018] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x38010, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x38010, lpOverlapped=0x0) returned 1 [0084.022] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0084.022] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0084.022] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0084.022] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x38000, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x38000, lpOverlapped=0x0) returned 1 [0084.023] FlushFileBuffers (hFile=0x304) returned 1 [0084.291] FlushFileBuffers (hFile=0x368) returned 1 [0084.292] CloseHandle (hObject=0x304) returned 1 [0084.293] CloseHandle (hObject=0x368) returned 1 [0084.293] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\content-prefs.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\content-prefs.sqlite")) returned 1 [0084.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\favicons.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0084.296] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=5242880) returned 1 [0084.296] CloseHandle (hObject=0x368) returned 1 [0084.296] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\favicons.sqlite")) returned 0x20 [0084.296] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\favicons.sqlite")) returned 0x20 [0084.296] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\favicons.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.296] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\favicons.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0084.296] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0084.296] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0084.296] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\favicons.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x304 [0084.296] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0084.532] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0084.604] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0084.640] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0084.789] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0084.820] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0084.933] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x110100, lpOverlapped=0x0) returned 1 [0084.952] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x110100, lpOverlapped=0x0) returned 1 [0085.202] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0xbfc00, lpOverlapped=0x0) returned 1 [0085.210] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xbfc10, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xbfc10, lpOverlapped=0x0) returned 1 [0085.638] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0085.638] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0085.638] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0085.638] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0085.653] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0085.666] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0085.917] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x110102, lpOverlapped=0x0) returned 1 [0085.960] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xbfbf8, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0xbfbf8, lpOverlapped=0x0) returned 1 [0085.962] FlushFileBuffers (hFile=0x368) returned 1 [0086.832] FlushFileBuffers (hFile=0x304) returned 1 [0086.850] CloseHandle (hObject=0x368) returned 1 [0086.850] CloseHandle (hObject=0x304) returned 1 [0086.850] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\favicons.sqlite")) returned 1 [0086.859] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\secmod.db" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\secmod.db"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x304 [0086.860] GetFileSizeEx (in: hFile=0x304, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=16384) returned 1 [0086.860] CloseHandle (hObject=0x304) returned 1 [0086.860] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\secmod.db" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\secmod.db")) returned 0x20 [0086.860] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\secmod.db" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\secmod.db")) returned 0x20 [0086.860] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\secmod.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\secmod.db.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.860] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\secmod.db" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\secmod.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x304 [0086.860] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0086.860] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0086.860] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\secmod.db.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\secmod.db.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x368 [0086.860] ReadFile (in: hFile=0x304, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x4000, lpOverlapped=0x0) returned 1 [0086.862] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x4010, lpOverlapped=0x0) returned 1 [0086.863] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0086.864] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0086.864] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0086.864] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x4000, lpOverlapped=0x0) returned 1 [0086.864] FlushFileBuffers (hFile=0x304) returned 1 [0087.057] FlushFileBuffers (hFile=0x368) returned 1 [0087.068] CloseHandle (hObject=0x304) returned 1 [0087.072] CloseHandle (hObject=0x368) returned 1 [0087.072] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\secmod.db" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\secmod.db")) returned 1 [0087.073] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0087.074] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=49152) returned 1 [0087.074] CloseHandle (hObject=0x368) returned 1 [0087.075] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite")) returned 0x20 [0087.075] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite")) returned 0x20 [0087.075] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.075] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0087.075] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0087.075] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0087.075] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x304 [0087.075] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0xc000, lpOverlapped=0x0) returned 1 [0087.080] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xc010, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xc010, lpOverlapped=0x0) returned 1 [0087.082] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x112, lpOverlapped=0x0) returned 1 [0087.082] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0087.082] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0087.082] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xc000, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0xc000, lpOverlapped=0x0) returned 1 [0087.082] FlushFileBuffers (hFile=0x368) returned 1 [0087.087] FlushFileBuffers (hFile=0x304) returned 1 [0087.097] CloseHandle (hObject=0x368) returned 1 [0087.097] CloseHandle (hObject=0x304) returned 1 [0087.098] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite")) returned 1 [0087.100] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x304 [0087.100] GetFileSizeEx (in: hFile=0x304, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=122880) returned 1 [0087.101] CloseHandle (hObject=0x304) returned 1 [0087.101] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite")) returned 0x20 [0087.101] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite")) returned 0x20 [0087.101] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x304 [0087.101] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0087.101] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0087.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x368 [0087.101] ReadFile (in: hFile=0x304, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x1e000, lpOverlapped=0x0) returned 1 [0087.105] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x1e010, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x1e010, lpOverlapped=0x0) returned 1 [0087.107] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x112, lpOverlapped=0x0) returned 1 [0087.108] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0087.108] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0087.108] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x1e000, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x1e000, lpOverlapped=0x0) returned 1 [0087.108] FlushFileBuffers (hFile=0x304) returned 1 [0087.253] FlushFileBuffers (hFile=0x368) returned 1 [0087.255] CloseHandle (hObject=0x304) returned 1 [0087.256] CloseHandle (hObject=0x368) returned 1 [0087.256] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite")) returned 1 [0087.258] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0087.258] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=512) returned 1 [0087.258] CloseHandle (hObject=0x368) returned 1 [0087.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage.sqlite")) returned 0x20 [0087.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage.sqlite")) returned 0x20 [0087.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.258] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0087.259] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0087.259] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0087.259] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x304 [0087.259] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x200, lpOverlapped=0x0) returned 1 [0087.260] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x210, lpOverlapped=0x0) returned 1 [0087.261] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0087.261] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0087.261] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0087.261] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x200, lpOverlapped=0x0) returned 1 [0087.261] FlushFileBuffers (hFile=0x368) returned 1 [0087.268] FlushFileBuffers (hFile=0x304) returned 1 [0087.277] CloseHandle (hObject=0x368) returned 1 [0087.277] CloseHandle (hObject=0x304) returned 1 [0087.277] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\storage.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\storage.sqlite")) returned 1 [0087.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\webappsstore.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\webappsstore.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x304 [0087.279] GetFileSizeEx (in: hFile=0x304, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=98304) returned 1 [0087.279] CloseHandle (hObject=0x304) returned 1 [0087.279] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\webappsstore.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\webappsstore.sqlite")) returned 0x20 [0087.279] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\webappsstore.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\webappsstore.sqlite")) returned 0x20 [0087.279] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\webappsstore.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\webappsstore.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\webappsstore.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\webappsstore.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x304 [0087.279] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0087.279] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0087.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\webappsstore.sqlite.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\webappsstore.sqlite.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x368 [0087.280] ReadFile (in: hFile=0x304, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x18000, lpOverlapped=0x0) returned 1 [0087.283] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18010, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x18010, lpOverlapped=0x0) returned 1 [0087.285] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x102, lpOverlapped=0x0) returned 1 [0087.285] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0087.285] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0087.286] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x18000, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x18000, lpOverlapped=0x0) returned 1 [0087.286] FlushFileBuffers (hFile=0x304) returned 1 [0087.457] FlushFileBuffers (hFile=0x368) returned 1 [0087.459] CloseHandle (hObject=0x304) returned 1 [0087.460] CloseHandle (hObject=0x368) returned 1 [0087.460] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\webappsstore.sqlite" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\webappsstore.sqlite")) returned 1 [0087.462] ResetEvent (hEvent=0x278) returned 1 [0087.462] SetEvent (hEvent=0x27c) returned 1 [0087.462] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Database1.accdb" (normalized: "c:\\users\\fd1hvy\\documents\\database1.accdb"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0087.463] GetFileSizeEx (in: hFile=0x368, lpFileSize=0xfaf850 | out: lpFileSize=0xfaf850*=348160) returned 1 [0087.463] CloseHandle (hObject=0x368) returned 1 [0087.463] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Database1.accdb" (normalized: "c:\\users\\fd1hvy\\documents\\database1.accdb")) returned 0x20 [0087.463] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Database1.accdb" (normalized: "c:\\users\\fd1hvy\\documents\\database1.accdb")) returned 0x20 [0087.463] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Database1.accdb.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\documents\\database1.accdb.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.463] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Database1.accdb" (normalized: "c:\\users\\fd1hvy\\documents\\database1.accdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x368 [0087.463] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0087.463] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf818 | out: lpNewFilePointer=0x0) returned 1 [0087.463] CreateFileW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\Documents\\Database1.accdb.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\users\\fd1hvy\\documents\\database1.accdb.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x304 [0087.464] ReadFile (in: hFile=0x368, lpBuffer=0x4a4c020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0xfaf82c, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesRead=0xfaf82c*=0x55000, lpOverlapped=0x0) returned 1 [0087.475] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x55010, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0x55010, lpOverlapped=0x0) returned 1 [0087.481] WriteFile (in: hFile=0x304, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xfaf804, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf804*=0xf2, lpOverlapped=0x0) returned 1 [0087.481] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0087.481] SetFilePointerEx (in: hFile=0x368, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xfaf578 | out: lpNewFilePointer=0x0) returned 1 [0087.481] WriteFile (in: hFile=0x368, lpBuffer=0x4a4c020*, nNumberOfBytesToWrite=0x55000, lpNumberOfBytesWritten=0xfaf584, lpOverlapped=0x0 | out: lpBuffer=0x4a4c020*, lpNumberOfBytesWritten=0xfaf584*=0x55000, lpOverlapped=0x0) returned 1 [0087.482] FlushFileBuffers (hFile=0x368) returned 1 [0087.489] FlushFileBuffers (hFile=0x304) Thread: id = 18 os_tid = 0xdf8 [0053.331] GetProcessHeap () returned 0x4b0000 [0053.331] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4b60048 [0053.331] GetProcessHeap () returned 0x4b0000 [0053.331] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4b70050 [0053.332] GetProcessHeap () returned 0x4b0000 [0053.332] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x28) returned 0x570e40 [0053.332] GetProcessHeap () returned 0x4b0000 [0053.332] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x110102) returned 0x4c6a020 [0053.335] GetProcessHeap () returned 0x4b0000 [0053.335] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x50) returned 0x4d0c08 [0053.335] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75e90000 [0053.335] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0053.335] Wow64DisableWow64FsRedirection (in: OldValue=0x102fa68 | out: OldValue=0x102fa68*=0x0) returned 1 [0053.335] GetProcessHeap () returned 0x4b0000 [0053.335] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d0c08 | out: hHeap=0x4b0000) returned 1 [0053.335] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0053.365] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=42674) returned 1 [0053.366] CloseHandle (hObject=0x2bc) returned 1 [0053.366] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log")) returned 0x20 [0053.367] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log")) returned 0x20 [0053.367] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0053.367] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0053.367] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0053.367] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0053.367] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x2c0 [0053.367] ReadFile (in: hFile=0x2bc, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0xa6b2, lpOverlapped=0x0) returned 1 [0053.383] WriteFile (in: hFile=0x2c0, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xa6c0, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xa6c0, lpOverlapped=0x0) returned 1 [0053.385] WriteFile (in: hFile=0x2c0, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x122, lpOverlapped=0x0) returned 1 [0053.385] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0053.385] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0053.385] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xa6b2, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0xa6b2, lpOverlapped=0x0) returned 1 [0053.385] FlushFileBuffers (hFile=0x2bc) returned 1 [0053.819] FlushFileBuffers (hFile=0x2c0) returned 1 [0053.821] CloseHandle (hObject=0x2bc) returned 1 [0053.823] CloseHandle (hObject=0x2c0) returned 1 [0053.824] DeleteFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log")) returned 1 [0053.826] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2c0 [0053.826] GetFileSizeEx (in: hFile=0x2c0, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=40) returned 1 [0053.826] CloseHandle (hObject=0x2c0) returned 1 [0053.826] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log")) returned 0x20 [0053.826] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log")) returned 0x20 [0053.827] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0053.827] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2c0 [0053.827] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0053.827] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0053.827] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x2bc [0053.827] ReadFile (in: hFile=0x2c0, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x28, lpOverlapped=0x0) returned 1 [0053.828] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x30, lpOverlapped=0x0) returned 1 [0053.829] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x112, lpOverlapped=0x0) returned 1 [0053.830] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0053.830] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0053.830] WriteFile (in: hFile=0x2c0, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x28, lpOverlapped=0x0) returned 1 [0053.830] FlushFileBuffers (hFile=0x2c0) returned 1 [0053.839] FlushFileBuffers (hFile=0x2bc) returned 1 [0053.867] CloseHandle (hObject=0x2c0) returned 1 [0053.868] CloseHandle (hObject=0x2bc) returned 1 [0053.868] DeleteFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log")) returned 1 [0053.869] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0053.871] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=156) returned 1 [0053.871] CloseHandle (hObject=0x2bc) returned 1 [0053.871] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini")) returned 0x20 [0053.871] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini")) returned 0x20 [0053.871] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0053.871] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0053.871] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0053.871] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0053.871] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x2c0 [0053.871] ReadFile (in: hFile=0x2bc, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x9c, lpOverlapped=0x0) returned 1 [0053.872] WriteFile (in: hFile=0x2c0, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xa0, lpOverlapped=0x0) returned 1 [0053.874] WriteFile (in: hFile=0x2c0, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0053.874] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0053.874] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0053.874] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x9c, lpOverlapped=0x0) returned 1 [0053.874] FlushFileBuffers (hFile=0x2bc) returned 1 [0053.876] FlushFileBuffers (hFile=0x2c0) returned 1 [0053.878] CloseHandle (hObject=0x2bc) returned 1 [0053.879] CloseHandle (hObject=0x2c0) returned 1 [0053.880] DeleteFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini")) returned 1 [0053.881] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2c0 [0053.881] GetFileSizeEx (in: hFile=0x2c0, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=577) returned 1 [0053.881] CloseHandle (hObject=0x2c0) returned 1 [0053.881] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd")) returned 0x20 [0053.881] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd")) returned 0x20 [0053.881] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0053.881] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2c0 [0053.881] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0053.881] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0053.881] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x2bc [0053.882] ReadFile (in: hFile=0x2c0, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x241, lpOverlapped=0x0) returned 1 [0053.883] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x250, lpOverlapped=0x0) returned 1 [0053.884] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x112, lpOverlapped=0x0) returned 1 [0053.884] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0053.884] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0053.884] WriteFile (in: hFile=0x2c0, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x241, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x241, lpOverlapped=0x0) returned 1 [0053.885] FlushFileBuffers (hFile=0x2c0) returned 1 [0053.886] FlushFileBuffers (hFile=0x2bc) returned 1 [0053.888] CloseHandle (hObject=0x2c0) returned 1 [0053.888] CloseHandle (hObject=0x2bc) returned 1 [0053.889] DeleteFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd")) returned 1 [0053.890] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0053.891] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=74) returned 1 [0053.891] CloseHandle (hObject=0x2bc) returned 1 [0053.891] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd")) returned 0x20 [0053.891] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd")) returned 0x20 [0053.891] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0053.891] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0053.891] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0053.891] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0053.891] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x2c0 [0053.892] ReadFile (in: hFile=0x2bc, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x4a, lpOverlapped=0x0) returned 1 [0053.893] WriteFile (in: hFile=0x2c0, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x50, lpOverlapped=0x0) returned 1 [0053.894] WriteFile (in: hFile=0x2c0, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0053.894] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0053.894] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0053.894] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x4a, lpOverlapped=0x0) returned 1 [0053.894] FlushFileBuffers (hFile=0x2bc) returned 1 [0053.896] FlushFileBuffers (hFile=0x2c0) returned 1 [0053.898] CloseHandle (hObject=0x2bc) returned 1 [0053.899] CloseHandle (hObject=0x2c0) returned 1 [0053.899] DeleteFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd")) returned 1 [0053.901] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2c0 [0053.901] GetFileSizeEx (in: hFile=0x2c0, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=307) returned 1 [0053.901] CloseHandle (hObject=0x2c0) returned 1 [0053.901] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd")) returned 0x20 [0053.901] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd")) returned 0x20 [0053.901] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0053.902] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2c0 [0053.902] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0053.902] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0053.902] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x2bc [0053.902] ReadFile (in: hFile=0x2c0, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x133, lpOverlapped=0x0) returned 1 [0053.903] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x140, lpOverlapped=0x0) returned 1 [0053.904] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0053.905] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0053.905] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0053.905] WriteFile (in: hFile=0x2c0, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x133, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x133, lpOverlapped=0x0) returned 1 [0053.905] FlushFileBuffers (hFile=0x2c0) returned 1 [0054.599] FlushFileBuffers (hFile=0x2bc) returned 1 [0054.600] CloseHandle (hObject=0x2c0) returned 1 [0054.601] CloseHandle (hObject=0x2bc) returned 1 [0054.602] DeleteFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd")) returned 1 [0054.607] CreateFileW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2c0 [0054.607] GetFileSizeEx (in: hFile=0x2c0, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=129) returned 1 [0054.607] CloseHandle (hObject=0x2c0) returned 1 [0054.607] GetFileAttributesW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini")) returned 0x26 [0054.607] GetFileAttributesW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini")) returned 0x26 [0054.607] GetFileAttributesW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$recycle.bin\\s-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0054.607] CreateFileW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2c0 [0054.607] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0054.607] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0054.607] CreateFileW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$recycle.bin\\s-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x26, hTemplateFile=0x0) returned 0x2a8 [0054.608] ReadFile (in: hFile=0x2c0, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x81, lpOverlapped=0x0) returned 1 [0054.608] WriteFile (in: hFile=0x2a8, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x90, lpOverlapped=0x0) returned 1 [0054.609] WriteFile (in: hFile=0x2a8, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0054.609] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0054.609] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0054.609] WriteFile (in: hFile=0x2c0, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x81, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x81, lpOverlapped=0x0) returned 1 [0054.610] FlushFileBuffers (hFile=0x2c0) returned 1 [0054.682] FlushFileBuffers (hFile=0x2a8) returned 1 [0054.700] CloseHandle (hObject=0x2c0) returned 1 [0054.701] CloseHandle (hObject=0x2a8) returned 1 [0054.702] DeleteFileW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini")) returned 1 [0054.703] CreateFileW (lpFileName="\\\\?\\C:\\$WINRE_BACKUP_PARTITION.MARKER" (normalized: "c:\\$winre_backup_partition.marker"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0054.707] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=0) returned 1 [0054.707] CloseHandle (hObject=0x314) returned 1 [0054.707] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0054.708] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=74214) returned 1 [0054.708] CloseHandle (hObject=0x314) returned 1 [0054.708] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml")) returned 0x80 [0054.708] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml")) returned 0x80 [0054.708] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0054.709] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.709] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0054.709] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0054.709] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x330 [0054.736] ReadFile (in: hFile=0x2bc, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x121e6, lpOverlapped=0x0) returned 1 [0054.743] WriteFile (in: hFile=0x330, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x121f0, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x121f0, lpOverlapped=0x0) returned 1 [0054.745] WriteFile (in: hFile=0x330, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0054.745] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0054.745] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0054.745] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x121e6, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x121e6, lpOverlapped=0x0) returned 1 [0054.745] FlushFileBuffers (hFile=0x2bc) returned 1 [0054.946] FlushFileBuffers (hFile=0x330) returned 1 [0054.956] CloseHandle (hObject=0x2bc) returned 1 [0054.959] CloseHandle (hObject=0x330) returned 1 [0054.960] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml")) returned 1 [0054.962] SetEvent (hEvent=0x28c) returned 1 [0054.962] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1028\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0054.964] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=14168) returned 1 [0054.964] CloseHandle (hObject=0x330) returned 1 [0054.964] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1028\\setupresources.dll")) returned 0x80 [0054.964] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1028\\setupresources.dll")) returned 0x80 [0054.964] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1028\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0054.964] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1028\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0054.964] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0054.964] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0054.964] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1028\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.965] ReadFile (in: hFile=0x330, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x3758, lpOverlapped=0x0) returned 1 [0054.969] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x3760, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x3760, lpOverlapped=0x0) returned 1 [0054.971] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0054.971] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0054.971] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0054.971] WriteFile (in: hFile=0x330, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x3758, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x3758, lpOverlapped=0x0) returned 1 [0054.971] FlushFileBuffers (hFile=0x330) returned 1 [0055.170] FlushFileBuffers (hFile=0x2bc) returned 1 [0055.179] CloseHandle (hObject=0x330) returned 1 [0055.180] CloseHandle (hObject=0x2bc) returned 1 [0055.181] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1028\\setupresources.dll")) returned 1 [0055.182] SetEvent (hEvent=0x28c) returned 1 [0055.182] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0055.184] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=80970) returned 1 [0055.184] CloseHandle (hObject=0x330) returned 1 [0055.185] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml")) returned 0x80 [0055.185] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml")) returned 0x80 [0055.185] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0055.185] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0055.185] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0055.185] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0055.185] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0055.185] ReadFile (in: hFile=0x330, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x13c4a, lpOverlapped=0x0) returned 1 [0055.193] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x13c50, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x13c50, lpOverlapped=0x0) returned 1 [0055.196] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0055.196] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0055.196] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0055.197] WriteFile (in: hFile=0x330, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x13c4a, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x13c4a, lpOverlapped=0x0) returned 1 [0055.197] FlushFileBuffers (hFile=0x330) returned 1 [0056.135] FlushFileBuffers (hFile=0x328) returned 1 [0064.148] CloseHandle (hObject=0x330) returned 1 [0064.150] CloseHandle (hObject=0x328) returned 1 [0064.153] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml")) returned 1 [0064.155] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0064.155] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=3314) returned 1 [0064.155] CloseHandle (hObject=0x328) returned 1 [0064.155] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf")) returned 0x80 [0064.155] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf")) returned 0x80 [0064.155] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0064.155] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0064.155] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0064.155] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0064.155] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x330 [0064.340] ReadFile (in: hFile=0x328, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0xcf2, lpOverlapped=0x0) returned 1 [0064.344] WriteFile (in: hFile=0x330, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xd00, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xd00, lpOverlapped=0x0) returned 1 [0064.345] WriteFile (in: hFile=0x330, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0064.346] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0064.346] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0064.346] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xcf2, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0xcf2, lpOverlapped=0x0) returned 1 [0064.346] FlushFileBuffers (hFile=0x328) returned 1 [0064.366] FlushFileBuffers (hFile=0x330) returned 1 [0064.448] CloseHandle (hObject=0x328) returned 1 [0064.449] CloseHandle (hObject=0x330) returned 1 [0064.450] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf")) returned 1 [0064.451] SetEvent (hEvent=0x28c) returned 1 [0064.451] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0064.452] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=77748) returned 1 [0064.452] CloseHandle (hObject=0x330) returned 1 [0064.452] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml")) returned 0x80 [0064.452] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml")) returned 0x80 [0064.452] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0064.452] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0064.452] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0064.452] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0064.452] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0064.452] ReadFile (in: hFile=0x330, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x12fb4, lpOverlapped=0x0) returned 1 [0064.455] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x12fc0, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x12fc0, lpOverlapped=0x0) returned 1 [0064.457] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0064.457] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0064.457] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0064.457] WriteFile (in: hFile=0x330, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x12fb4, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x12fb4, lpOverlapped=0x0) returned 1 [0064.458] FlushFileBuffers (hFile=0x330) returned 1 [0064.649] FlushFileBuffers (hFile=0x328) returned 1 [0064.650] CloseHandle (hObject=0x330) returned 1 [0064.652] CloseHandle (hObject=0x328) returned 1 [0064.654] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml")) returned 1 [0064.656] SetEvent (hEvent=0x28c) returned 1 [0064.656] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1030\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0064.660] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=18264) returned 1 [0064.660] CloseHandle (hObject=0x310) returned 1 [0064.660] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1030\\setupresources.dll")) returned 0x80 [0064.660] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1030\\setupresources.dll")) returned 0x80 [0064.660] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1030\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0064.660] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1030\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0064.660] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0064.660] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0064.660] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1030\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0064.660] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x4758, lpOverlapped=0x0) returned 1 [0064.662] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4760, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x4760, lpOverlapped=0x0) returned 1 [0064.663] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0064.663] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0064.663] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0064.663] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4758, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x4758, lpOverlapped=0x0) returned 1 [0064.663] FlushFileBuffers (hFile=0x310) returned 1 [0065.099] FlushFileBuffers (hFile=0x328) returned 1 [0065.100] CloseHandle (hObject=0x310) returned 1 [0065.101] CloseHandle (hObject=0x328) returned 1 [0065.102] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1030\\setupresources.dll")) returned 1 [0065.103] SetEvent (hEvent=0x28c) returned 1 [0065.103] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0065.104] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=8876) returned 1 [0065.104] CloseHandle (hObject=0x328) returned 1 [0065.104] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf")) returned 0x80 [0065.104] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf")) returned 0x80 [0065.104] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0065.104] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0065.104] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0065.104] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0065.104] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0065.106] ReadFile (in: hFile=0x328, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x22ac, lpOverlapped=0x0) returned 1 [0065.107] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x22b0, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x22b0, lpOverlapped=0x0) returned 1 [0065.108] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0065.108] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0065.108] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0065.109] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x22ac, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x22ac, lpOverlapped=0x0) returned 1 [0065.109] FlushFileBuffers (hFile=0x328) returned 1 [0065.110] FlushFileBuffers (hFile=0x310) returned 1 [0065.111] CloseHandle (hObject=0x328) returned 1 [0065.112] CloseHandle (hObject=0x310) returned 1 [0065.114] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf")) returned 1 [0065.115] SetEvent (hEvent=0x28c) returned 1 [0065.115] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0065.115] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=86284) returned 1 [0065.115] CloseHandle (hObject=0x310) returned 1 [0065.119] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml")) returned 0x80 [0065.119] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml")) returned 0x80 [0065.119] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0065.120] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0065.120] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0065.120] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0065.120] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0065.124] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x1510c, lpOverlapped=0x0) returned 1 [0065.127] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x15110, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x15110, lpOverlapped=0x0) returned 1 [0065.129] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0065.129] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0065.129] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0065.129] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x1510c, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x1510c, lpOverlapped=0x0) returned 1 [0065.130] FlushFileBuffers (hFile=0x310) returned 1 [0065.582] FlushFileBuffers (hFile=0x328) returned 1 [0065.583] CloseHandle (hObject=0x310) returned 1 [0065.586] CloseHandle (hObject=0x328) returned 1 [0065.588] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml")) returned 1 [0065.589] SetEvent (hEvent=0x28c) returned 1 [0065.590] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0065.590] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=3188) returned 1 [0065.590] CloseHandle (hObject=0x328) returned 1 [0065.591] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf")) returned 0x80 [0065.591] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf")) returned 0x80 [0065.591] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0065.591] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0065.591] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0065.591] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0065.591] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0065.595] ReadFile (in: hFile=0x328, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0xc74, lpOverlapped=0x0) returned 1 [0065.596] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xc80, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xc80, lpOverlapped=0x0) returned 1 [0065.597] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0065.598] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0065.598] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0065.598] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xc74, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0xc74, lpOverlapped=0x0) returned 1 [0065.598] FlushFileBuffers (hFile=0x328) returned 1 [0065.600] FlushFileBuffers (hFile=0x310) returned 1 [0065.601] CloseHandle (hObject=0x328) returned 1 [0065.602] CloseHandle (hObject=0x310) returned 1 [0065.603] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf")) returned 1 [0065.604] SetEvent (hEvent=0x28c) returned 1 [0065.604] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0065.605] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=77232) returned 1 [0065.605] CloseHandle (hObject=0x310) returned 1 [0065.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml")) returned 0x80 [0065.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml")) returned 0x80 [0065.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0065.605] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0065.605] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0065.605] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0065.605] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0065.606] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x12db0, lpOverlapped=0x0) returned 1 [0065.608] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x12dc0, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x12dc0, lpOverlapped=0x0) returned 1 [0065.610] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0065.610] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0065.610] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0065.610] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x12db0, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x12db0, lpOverlapped=0x0) returned 1 [0065.611] FlushFileBuffers (hFile=0x310) returned 1 [0067.187] FlushFileBuffers (hFile=0x328) returned 1 [0067.687] CloseHandle (hObject=0x310) returned 1 [0067.689] CloseHandle (hObject=0x328) returned 1 [0067.691] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml")) returned 1 [0067.693] SetEvent (hEvent=0x28c) returned 1 [0067.693] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0067.693] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=3702) returned 1 [0067.694] CloseHandle (hObject=0x328) returned 1 [0067.694] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf")) returned 0x80 [0067.694] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf")) returned 0x80 [0067.694] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0067.694] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0067.694] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0067.694] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0067.694] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0067.695] ReadFile (in: hFile=0x328, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0xe76, lpOverlapped=0x0) returned 1 [0067.697] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xe80, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xe80, lpOverlapped=0x0) returned 1 [0067.698] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0067.698] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0067.698] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0067.698] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xe76, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0xe76, lpOverlapped=0x0) returned 1 [0067.698] FlushFileBuffers (hFile=0x328) returned 1 [0067.754] FlushFileBuffers (hFile=0x310) returned 1 [0067.892] CloseHandle (hObject=0x328) returned 1 [0067.893] CloseHandle (hObject=0x310) returned 1 [0067.895] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf")) returned 1 [0067.896] SetEvent (hEvent=0x28c) returned 1 [0067.896] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0067.896] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=77022) returned 1 [0067.896] CloseHandle (hObject=0x310) returned 1 [0067.896] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml")) returned 0x80 [0067.896] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml")) returned 0x80 [0067.896] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0067.896] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0067.896] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0067.896] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0067.896] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0067.897] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x12cde, lpOverlapped=0x0) returned 1 [0067.900] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x12ce0, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x12ce0, lpOverlapped=0x0) returned 1 [0067.902] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0067.902] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0067.902] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0067.902] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x12cde, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x12cde, lpOverlapped=0x0) returned 1 [0067.902] FlushFileBuffers (hFile=0x310) returned 1 [0068.056] FlushFileBuffers (hFile=0x328) returned 1 [0068.057] CloseHandle (hObject=0x310) returned 1 [0068.060] CloseHandle (hObject=0x328) returned 1 [0068.062] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml")) returned 1 [0068.063] SetEvent (hEvent=0x28c) returned 1 [0068.064] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0068.064] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=3526) returned 1 [0068.064] CloseHandle (hObject=0x328) returned 1 [0068.064] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf")) returned 0x80 [0068.064] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf")) returned 0x80 [0068.064] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0068.064] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0068.064] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0068.064] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0068.064] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0068.067] ReadFile (in: hFile=0x328, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0xdc6, lpOverlapped=0x0) returned 1 [0068.069] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xdd0, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xdd0, lpOverlapped=0x0) returned 1 [0068.070] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0068.070] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0068.070] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0068.070] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xdc6, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0xdc6, lpOverlapped=0x0) returned 1 [0068.070] FlushFileBuffers (hFile=0x328) returned 1 [0068.083] FlushFileBuffers (hFile=0x310) returned 1 [0068.084] CloseHandle (hObject=0x328) returned 1 [0068.085] CloseHandle (hObject=0x310) returned 1 [0068.086] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf")) returned 1 [0068.087] SetEvent (hEvent=0x28c) returned 1 [0068.087] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1036\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0068.087] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=18776) returned 1 [0068.087] CloseHandle (hObject=0x310) returned 1 [0068.087] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1036\\setupresources.dll")) returned 0x80 [0068.087] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1036\\setupresources.dll")) returned 0x80 [0068.087] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1036\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0068.087] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1036\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0068.087] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0068.087] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0068.088] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1036\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0068.089] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x4958, lpOverlapped=0x0) returned 1 [0068.091] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4960, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x4960, lpOverlapped=0x0) returned 1 [0068.092] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0068.092] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0068.093] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0068.093] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4958, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x4958, lpOverlapped=0x0) returned 1 [0068.093] FlushFileBuffers (hFile=0x310) returned 1 [0068.126] FlushFileBuffers (hFile=0x328) returned 1 [0068.138] CloseHandle (hObject=0x310) returned 1 [0068.139] CloseHandle (hObject=0x328) returned 1 [0068.140] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1036\\setupresources.dll")) returned 1 [0068.141] SetEvent (hEvent=0x28c) returned 1 [0068.141] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0068.145] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=72076) returned 1 [0068.145] CloseHandle (hObject=0x328) returned 1 [0068.145] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml")) returned 0x80 [0068.145] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml")) returned 0x80 [0068.145] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0068.146] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0068.146] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0068.146] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0068.146] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0068.146] ReadFile (in: hFile=0x328, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x1198c, lpOverlapped=0x0) returned 1 [0068.149] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11990, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11990, lpOverlapped=0x0) returned 1 [0068.150] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0068.151] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0068.151] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0068.151] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x1198c, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x1198c, lpOverlapped=0x0) returned 1 [0068.151] FlushFileBuffers (hFile=0x328) returned 1 [0068.195] FlushFileBuffers (hFile=0x310) returned 1 [0068.196] CloseHandle (hObject=0x328) returned 1 [0068.198] CloseHandle (hObject=0x310) returned 1 [0068.200] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml")) returned 1 [0068.201] SetEvent (hEvent=0x28c) returned 1 [0068.202] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0068.202] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=4254) returned 1 [0068.202] CloseHandle (hObject=0x310) returned 1 [0068.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf")) returned 0x80 [0068.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf")) returned 0x80 [0068.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0068.202] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0068.202] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0068.202] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0068.202] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0068.204] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x109e, lpOverlapped=0x0) returned 1 [0068.205] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x10a0, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x10a0, lpOverlapped=0x0) returned 1 [0068.206] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0068.206] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0068.206] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0068.206] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x109e, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x109e, lpOverlapped=0x0) returned 1 [0068.206] FlushFileBuffers (hFile=0x310) returned 1 [0068.220] FlushFileBuffers (hFile=0x328) returned 1 [0068.221] CloseHandle (hObject=0x310) returned 1 [0068.222] CloseHandle (hObject=0x328) returned 1 [0068.222] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf")) returned 1 [0068.224] SetEvent (hEvent=0x28c) returned 1 [0068.224] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0068.224] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=86442) returned 1 [0068.224] CloseHandle (hObject=0x328) returned 1 [0068.224] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml")) returned 0x80 [0068.224] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml")) returned 0x80 [0068.225] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0068.225] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0068.225] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0068.225] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0068.225] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0068.225] ReadFile (in: hFile=0x328, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x151aa, lpOverlapped=0x0) returned 1 [0068.228] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x151b0, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x151b0, lpOverlapped=0x0) returned 1 [0068.230] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0068.230] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0068.230] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0068.230] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x151aa, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x151aa, lpOverlapped=0x0) returned 1 [0068.231] FlushFileBuffers (hFile=0x328) returned 1 [0068.645] FlushFileBuffers (hFile=0x310) returned 1 [0068.647] CloseHandle (hObject=0x328) returned 1 [0068.649] CloseHandle (hObject=0x310) returned 1 [0068.651] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml")) returned 1 [0068.653] SetEvent (hEvent=0x28c) returned 1 [0068.653] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0068.654] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=3643) returned 1 [0068.654] CloseHandle (hObject=0x310) returned 1 [0068.654] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf")) returned 0x80 [0068.654] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf")) returned 0x80 [0068.654] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0068.654] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0068.655] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0068.655] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0068.655] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0068.656] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0xe3b, lpOverlapped=0x0) returned 1 [0068.657] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xe40, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xe40, lpOverlapped=0x0) returned 1 [0068.658] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0068.658] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0068.658] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0068.659] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xe3b, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0xe3b, lpOverlapped=0x0) returned 1 [0068.659] FlushFileBuffers (hFile=0x310) returned 1 [0068.660] FlushFileBuffers (hFile=0x328) returned 1 [0068.661] CloseHandle (hObject=0x310) returned 1 [0068.662] CloseHandle (hObject=0x328) returned 1 [0068.664] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf")) returned 1 [0068.665] SetEvent (hEvent=0x28c) returned 1 [0068.665] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0068.665] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=80060) returned 1 [0068.665] CloseHandle (hObject=0x328) returned 1 [0068.665] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml")) returned 0x80 [0068.665] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml")) returned 0x80 [0068.665] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0068.665] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0068.665] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0068.666] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0068.666] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0068.666] ReadFile (in: hFile=0x328, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x138bc, lpOverlapped=0x0) returned 1 [0068.668] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x138c0, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x138c0, lpOverlapped=0x0) returned 1 [0068.670] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0068.670] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0068.670] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0068.671] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x138bc, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x138bc, lpOverlapped=0x0) returned 1 [0068.671] FlushFileBuffers (hFile=0x328) returned 1 [0069.190] FlushFileBuffers (hFile=0x310) returned 1 [0069.196] CloseHandle (hObject=0x328) returned 1 [0069.198] CloseHandle (hObject=0x310) returned 1 [0069.200] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml")) returned 1 [0069.202] SetEvent (hEvent=0x28c) returned 1 [0069.202] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0069.202] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=10125) returned 1 [0069.202] CloseHandle (hObject=0x310) returned 1 [0069.203] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf")) returned 0x80 [0069.203] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf")) returned 0x80 [0069.203] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0069.203] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0069.203] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0069.203] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0069.203] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0069.205] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x278d, lpOverlapped=0x0) returned 1 [0069.206] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x2790, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x2790, lpOverlapped=0x0) returned 1 [0069.207] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0069.208] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0069.208] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0069.208] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x278d, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x278d, lpOverlapped=0x0) returned 1 [0069.208] FlushFileBuffers (hFile=0x310) returned 1 [0069.285] FlushFileBuffers (hFile=0x328) returned 1 [0069.286] CloseHandle (hObject=0x310) returned 1 [0069.287] CloseHandle (hObject=0x328) returned 1 [0069.288] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf")) returned 1 [0069.289] SetEvent (hEvent=0x28c) returned 1 [0069.289] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1041\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0069.289] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=15704) returned 1 [0069.290] CloseHandle (hObject=0x328) returned 1 [0069.290] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1041\\setupresources.dll")) returned 0x80 [0069.290] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1041\\setupresources.dll")) returned 0x80 [0069.290] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1041\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0069.290] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1041\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0069.290] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0069.290] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0069.290] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1041\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0069.290] ReadFile (in: hFile=0x328, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x3d58, lpOverlapped=0x0) returned 1 [0069.292] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x3d60, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x3d60, lpOverlapped=0x0) returned 1 [0069.293] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0069.294] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0069.294] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0069.294] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x3d58, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x3d58, lpOverlapped=0x0) returned 1 [0069.294] FlushFileBuffers (hFile=0x328) returned 1 [0069.437] FlushFileBuffers (hFile=0x310) returned 1 [0069.439] CloseHandle (hObject=0x328) returned 1 [0069.440] CloseHandle (hObject=0x310) returned 1 [0069.441] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1041\\setupresources.dll")) returned 1 [0069.442] SetEvent (hEvent=0x28c) returned 1 [0069.442] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1042\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0069.443] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=15192) returned 1 [0069.443] CloseHandle (hObject=0x310) returned 1 [0069.443] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1042\\setupresources.dll")) returned 0x80 [0069.443] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1042\\setupresources.dll")) returned 0x80 [0069.443] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1042\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0069.443] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1042\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0069.443] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0069.443] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0069.443] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1042\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0069.443] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x3b58, lpOverlapped=0x0) returned 1 [0069.445] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x3b60, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x3b60, lpOverlapped=0x0) returned 1 [0069.447] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0069.447] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0069.447] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0069.447] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x3b58, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x3b58, lpOverlapped=0x0) returned 1 [0069.447] FlushFileBuffers (hFile=0x310) returned 1 [0069.507] FlushFileBuffers (hFile=0x328) returned 1 [0069.510] CloseHandle (hObject=0x310) returned 1 [0069.511] CloseHandle (hObject=0x328) returned 1 [0069.512] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1042\\setupresources.dll")) returned 1 [0069.513] SetEvent (hEvent=0x28c) returned 1 [0069.514] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1043\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0069.515] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=19288) returned 1 [0069.515] CloseHandle (hObject=0x328) returned 1 [0069.515] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1043\\setupresources.dll")) returned 0x80 [0069.515] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1043\\setupresources.dll")) returned 0x80 [0069.515] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1043\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0069.515] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1043\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0069.515] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0069.515] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0069.515] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1043\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0069.515] ReadFile (in: hFile=0x328, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x4b58, lpOverlapped=0x0) returned 1 [0069.526] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4b60, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x4b60, lpOverlapped=0x0) returned 1 [0069.528] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0069.528] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0069.528] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0069.528] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4b58, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x4b58, lpOverlapped=0x0) returned 1 [0069.528] FlushFileBuffers (hFile=0x328) returned 1 [0069.668] FlushFileBuffers (hFile=0x310) returned 1 [0069.670] CloseHandle (hObject=0x328) returned 1 [0069.671] CloseHandle (hObject=0x310) returned 1 [0069.672] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1043\\setupresources.dll")) returned 1 [0069.673] SetEvent (hEvent=0x28c) returned 1 [0069.673] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1044\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0069.674] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=17752) returned 1 [0069.674] CloseHandle (hObject=0x310) returned 1 [0069.680] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1044\\setupresources.dll")) returned 0x80 [0069.680] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1044\\setupresources.dll")) returned 0x80 [0069.681] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1044\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0069.681] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1044\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0069.681] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0069.681] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0069.681] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1044\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0069.681] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x4558, lpOverlapped=0x0) returned 1 [0069.683] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4560, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x4560, lpOverlapped=0x0) returned 1 [0069.685] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0069.686] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0069.686] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0069.686] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4558, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x4558, lpOverlapped=0x0) returned 1 [0069.686] FlushFileBuffers (hFile=0x310) returned 1 [0069.886] FlushFileBuffers (hFile=0x328) returned 1 [0069.895] CloseHandle (hObject=0x310) returned 1 [0069.897] CloseHandle (hObject=0x328) returned 1 [0069.898] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1044\\setupresources.dll")) returned 1 [0069.899] SetEvent (hEvent=0x28c) returned 1 [0069.899] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1045\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0069.899] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=18264) returned 1 [0069.900] CloseHandle (hObject=0x328) returned 1 [0069.900] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1045\\setupresources.dll")) returned 0x80 [0069.900] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1045\\setupresources.dll")) returned 0x80 [0069.900] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1045\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0069.900] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1045\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0069.900] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0069.900] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0069.900] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1045\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0069.900] ReadFile (in: hFile=0x328, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x4758, lpOverlapped=0x0) returned 1 [0069.905] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4760, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x4760, lpOverlapped=0x0) returned 1 [0069.906] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0069.907] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0069.907] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0069.907] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4758, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x4758, lpOverlapped=0x0) returned 1 [0069.907] FlushFileBuffers (hFile=0x328) returned 1 [0070.188] FlushFileBuffers (hFile=0x310) returned 1 [0070.189] CloseHandle (hObject=0x328) returned 1 [0070.190] CloseHandle (hObject=0x310) returned 1 [0070.191] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1045\\setupresources.dll")) returned 1 [0070.192] SetEvent (hEvent=0x28c) returned 1 [0070.192] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1046\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0070.193] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=18264) returned 1 [0070.193] CloseHandle (hObject=0x310) returned 1 [0070.193] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1046\\setupresources.dll")) returned 0x80 [0070.193] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1046\\setupresources.dll")) returned 0x80 [0070.193] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1046\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0070.193] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1046\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0070.193] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0070.193] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0070.193] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1046\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0070.193] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x4758, lpOverlapped=0x0) returned 1 [0070.195] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4760, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x4760, lpOverlapped=0x0) returned 1 [0070.196] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0070.197] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0070.197] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0070.197] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4758, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x4758, lpOverlapped=0x0) returned 1 [0070.197] FlushFileBuffers (hFile=0x310) returned 1 [0070.406] FlushFileBuffers (hFile=0x328) returned 1 [0070.408] CloseHandle (hObject=0x310) returned 1 [0070.408] CloseHandle (hObject=0x328) returned 1 [0070.409] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1046\\setupresources.dll")) returned 1 [0070.410] SetEvent (hEvent=0x28c) returned 1 [0070.411] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1049\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0070.411] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=18264) returned 1 [0070.411] CloseHandle (hObject=0x328) returned 1 [0070.411] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1049\\setupresources.dll")) returned 0x80 [0070.411] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1049\\setupresources.dll")) returned 0x80 [0070.411] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1049\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0070.411] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1049\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0070.411] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0070.411] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0070.411] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1049\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0070.411] ReadFile (in: hFile=0x328, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x4758, lpOverlapped=0x0) returned 1 [0070.413] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4760, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x4760, lpOverlapped=0x0) returned 1 [0070.414] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0070.414] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0070.415] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0070.415] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4758, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x4758, lpOverlapped=0x0) returned 1 [0070.415] FlushFileBuffers (hFile=0x328) returned 1 [0070.902] FlushFileBuffers (hFile=0x310) returned 1 [0070.950] CloseHandle (hObject=0x328) returned 1 [0070.963] CloseHandle (hObject=0x310) returned 1 [0070.964] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1049\\setupresources.dll")) returned 1 [0070.966] SetEvent (hEvent=0x28c) returned 1 [0070.966] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1053\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0070.966] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=17752) returned 1 [0070.966] CloseHandle (hObject=0x310) returned 1 [0070.966] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1053\\setupresources.dll")) returned 0x80 [0070.966] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1053\\setupresources.dll")) returned 0x80 [0070.966] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1053\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0070.967] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1053\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0070.967] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0070.967] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0070.967] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1053\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0070.967] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x4558, lpOverlapped=0x0) returned 1 [0070.971] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4560, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x4560, lpOverlapped=0x0) returned 1 [0070.972] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0070.972] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0070.972] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0070.972] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4558, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x4558, lpOverlapped=0x0) returned 1 [0070.972] FlushFileBuffers (hFile=0x310) returned 1 [0071.430] FlushFileBuffers (hFile=0x328) returned 1 [0071.432] CloseHandle (hObject=0x310) returned 1 [0071.432] CloseHandle (hObject=0x328) returned 1 [0071.434] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1053\\setupresources.dll")) returned 1 [0071.435] SetEvent (hEvent=0x28c) returned 1 [0071.435] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1055\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0071.436] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=17752) returned 1 [0071.436] CloseHandle (hObject=0x328) returned 1 [0071.436] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1055\\setupresources.dll")) returned 0x80 [0071.436] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1055\\setupresources.dll")) returned 0x80 [0071.436] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1055\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0071.436] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1055\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0071.436] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0071.436] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0071.436] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1055\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0071.440] ReadFile (in: hFile=0x328, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x4558, lpOverlapped=0x0) returned 1 [0071.443] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4560, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x4560, lpOverlapped=0x0) returned 1 [0071.444] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0071.445] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0071.445] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0071.445] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4558, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x4558, lpOverlapped=0x0) returned 1 [0071.445] FlushFileBuffers (hFile=0x328) returned 1 [0072.084] FlushFileBuffers (hFile=0x310) returned 1 [0072.085] CloseHandle (hObject=0x328) returned 1 [0072.085] CloseHandle (hObject=0x310) returned 1 [0072.087] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1055\\setupresources.dll")) returned 1 [0072.088] SetEvent (hEvent=0x28c) returned 1 [0072.088] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0072.088] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=60684) returned 1 [0072.088] CloseHandle (hObject=0x310) returned 1 [0072.088] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml")) returned 0x80 [0072.089] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml")) returned 0x80 [0072.089] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0072.089] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0072.089] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0072.089] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0072.089] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0072.089] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0xed0c, lpOverlapped=0x0) returned 1 [0072.093] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xed10, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xed10, lpOverlapped=0x0) returned 1 [0072.095] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0072.095] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0072.095] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0072.095] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xed0c, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0xed0c, lpOverlapped=0x0) returned 1 [0072.096] FlushFileBuffers (hFile=0x310) returned 1 [0072.482] FlushFileBuffers (hFile=0x328) returned 1 [0072.485] CloseHandle (hObject=0x310) returned 1 [0072.487] CloseHandle (hObject=0x328) returned 1 [0072.489] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml")) returned 1 [0072.491] SetEvent (hEvent=0x28c) returned 1 [0072.491] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0072.501] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=4015) returned 1 [0072.501] CloseHandle (hObject=0x314) returned 1 [0072.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf")) returned 0x80 [0072.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf")) returned 0x80 [0072.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0072.502] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0072.502] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0072.502] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0072.502] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0072.505] ReadFile (in: hFile=0x328, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0xfaf, lpOverlapped=0x0) returned 1 [0072.512] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xfb0, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xfb0, lpOverlapped=0x0) returned 1 [0072.514] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0072.514] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0072.514] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0072.514] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xfaf, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0xfaf, lpOverlapped=0x0) returned 1 [0072.514] FlushFileBuffers (hFile=0x328) returned 1 [0072.516] FlushFileBuffers (hFile=0x2bc) returned 1 [0072.517] CloseHandle (hObject=0x328) returned 1 [0072.518] CloseHandle (hObject=0x2bc) returned 1 [0072.521] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf")) returned 1 [0072.522] SetEvent (hEvent=0x28c) returned 1 [0072.522] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2070\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0072.522] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=18776) returned 1 [0072.522] CloseHandle (hObject=0x2bc) returned 1 [0072.522] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2070\\setupresources.dll")) returned 0x80 [0072.522] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2070\\setupresources.dll")) returned 0x80 [0072.522] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\2070\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0072.522] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2070\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0072.522] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0072.523] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0072.523] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\2070\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0072.523] ReadFile (in: hFile=0x2bc, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x4958, lpOverlapped=0x0) returned 1 [0072.525] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4960, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x4960, lpOverlapped=0x0) returned 1 [0072.526] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0072.526] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0072.526] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0072.527] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x4958, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x4958, lpOverlapped=0x0) returned 1 [0072.527] FlushFileBuffers (hFile=0x2bc) returned 1 [0072.799] FlushFileBuffers (hFile=0x328) returned 1 [0072.800] CloseHandle (hObject=0x2bc) returned 1 [0072.800] CloseHandle (hObject=0x328) returned 1 [0072.802] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2070\\setupresources.dll")) returned 1 [0072.803] SetEvent (hEvent=0x28c) returned 1 [0072.803] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0072.803] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=60816) returned 1 [0072.803] CloseHandle (hObject=0x328) returned 1 [0072.803] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml")) returned 0x80 [0072.803] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml")) returned 0x80 [0072.803] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0072.803] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0072.804] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0072.804] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0072.804] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0072.804] ReadFile (in: hFile=0x328, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0xed90, lpOverlapped=0x0) returned 1 [0072.806] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xeda0, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xeda0, lpOverlapped=0x0) returned 1 [0072.808] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0072.808] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0072.808] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0072.809] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xed90, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0xed90, lpOverlapped=0x0) returned 1 [0072.809] FlushFileBuffers (hFile=0x328) returned 1 [0073.310] FlushFileBuffers (hFile=0x2bc) returned 1 [0073.311] CloseHandle (hObject=0x328) returned 1 [0073.312] CloseHandle (hObject=0x2bc) returned 1 [0073.314] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3076\\localizeddata.xml")) returned 1 [0073.316] SetEvent (hEvent=0x28c) returned 1 [0073.316] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0073.316] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=3069) returned 1 [0073.316] CloseHandle (hObject=0x2bc) returned 1 [0073.316] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf")) returned 0x80 [0073.316] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf")) returned 0x80 [0073.316] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0073.316] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0073.316] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0073.316] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0073.317] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0073.318] ReadFile (in: hFile=0x2bc, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0xbfd, lpOverlapped=0x0) returned 1 [0073.320] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xc00, lpOverlapped=0x0) returned 1 [0073.321] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0073.322] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0073.322] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0073.322] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xbfd, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0xbfd, lpOverlapped=0x0) returned 1 [0073.322] FlushFileBuffers (hFile=0x2bc) returned 1 [0073.324] FlushFileBuffers (hFile=0x328) returned 1 [0073.325] CloseHandle (hObject=0x2bc) returned 1 [0073.325] CloseHandle (hObject=0x328) returned 1 [0073.326] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3082\\eula.rtf")) returned 1 [0073.327] SetEvent (hEvent=0x28c) returned 1 [0073.327] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0073.327] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=79996) returned 1 [0073.327] CloseHandle (hObject=0x328) returned 1 [0073.327] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml")) returned 0x80 [0073.327] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml")) returned 0x80 [0073.327] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0073.327] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0073.328] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0073.328] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0073.328] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0073.328] ReadFile (in: hFile=0x328, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x1387c, lpOverlapped=0x0) returned 1 [0073.330] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x13880, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x13880, lpOverlapped=0x0) returned 1 [0073.333] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0073.333] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0073.333] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0073.333] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x1387c, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x1387c, lpOverlapped=0x0) returned 1 [0073.333] FlushFileBuffers (hFile=0x328) returned 1 [0074.260] FlushFileBuffers (hFile=0x2bc) returned 1 [0074.268] CloseHandle (hObject=0x328) returned 1 [0074.270] CloseHandle (hObject=0x2bc) returned 1 [0074.272] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\3082\\localizeddata.xml")) returned 1 [0074.273] SetEvent (hEvent=0x28c) returned 1 [0074.273] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0074.274] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=201796) returned 1 [0074.274] CloseHandle (hObject=0x2bc) returned 1 [0074.274] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml")) returned 0x80 [0074.274] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml")) returned 0x80 [0074.274] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0074.274] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0074.274] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0074.274] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0074.274] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0074.274] ReadFile (in: hFile=0x2bc, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x31444, lpOverlapped=0x0) returned 1 [0074.344] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x31450, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x31450, lpOverlapped=0x0) returned 1 [0074.348] WriteFile (in: hFile=0x328, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0074.348] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0074.348] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0074.349] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x31444, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x31444, lpOverlapped=0x0) returned 1 [0074.349] FlushFileBuffers (hFile=0x2bc) returned 1 [0074.362] FlushFileBuffers (hFile=0x328) returned 1 [0074.376] CloseHandle (hObject=0x2bc) returned 1 [0074.380] CloseHandle (hObject=0x328) returned 1 [0074.388] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\parameterinfo.xml")) returned 1 [0074.392] SetEvent (hEvent=0x28c) returned 1 [0074.392] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DHtmlHeader.html" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0074.392] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=16118) returned 1 [0074.392] CloseHandle (hObject=0x2bc) returned 1 [0074.392] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DHtmlHeader.html" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html")) returned 0x80 [0074.392] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DHtmlHeader.html" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html")) returned 0x80 [0074.392] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DHtmlHeader.html.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0074.392] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DHtmlHeader.html" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0074.392] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0074.392] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0074.393] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DHtmlHeader.html.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0074.393] ReadFile (in: hFile=0x2bc, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x3ef6, lpOverlapped=0x0) returned 1 [0074.398] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x3f00, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x3f00, lpOverlapped=0x0) returned 1 [0074.399] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0074.400] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0074.400] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0074.400] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x3ef6, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x3ef6, lpOverlapped=0x0) returned 1 [0074.400] FlushFileBuffers (hFile=0x2bc) returned 1 [0075.048] FlushFileBuffers (hFile=0x310) returned 1 [0075.051] CloseHandle (hObject=0x2bc) returned 1 [0075.052] CloseHandle (hObject=0x310) returned 1 [0075.053] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DHtmlHeader.html" (normalized: "c:\\588bce7c90097ed212\\dhtmlheader.html")) returned 1 [0075.054] SetEvent (hEvent=0x28c) returned 1 [0075.054] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0075.055] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=93314) returned 1 [0075.055] CloseHandle (hObject=0x310) returned 1 [0075.055] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml")) returned 0x80 [0075.055] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml")) returned 0x80 [0075.055] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.055] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0075.055] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0075.055] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0075.055] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0075.055] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x16c82, lpOverlapped=0x0) returned 1 [0075.059] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x16c90, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x16c90, lpOverlapped=0x0) returned 1 [0075.062] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0075.062] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0075.062] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0075.062] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x16c82, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x16c82, lpOverlapped=0x0) returned 1 [0075.062] FlushFileBuffers (hFile=0x310) returned 1 [0075.497] FlushFileBuffers (hFile=0x2bc) returned 1 [0075.503] CloseHandle (hObject=0x310) returned 1 [0075.505] CloseHandle (hObject=0x2bc) returned 1 [0075.508] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\Parameterinfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\parameterinfo.xml")) returned 1 [0075.532] SetEvent (hEvent=0x28c) returned 1 [0075.532] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Print.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0075.535] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=1150) returned 1 [0075.535] CloseHandle (hObject=0x2bc) returned 1 [0075.535] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Print.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico")) returned 0x80 [0075.536] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Print.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico")) returned 0x80 [0075.536] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Print.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.536] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Print.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0075.536] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0075.536] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0075.536] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Print.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0075.536] ReadFile (in: hFile=0x2bc, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x47e, lpOverlapped=0x0) returned 1 [0075.540] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x480, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x480, lpOverlapped=0x0) returned 1 [0075.541] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0075.541] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0075.542] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0075.542] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x47e, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x47e, lpOverlapped=0x0) returned 1 [0075.542] FlushFileBuffers (hFile=0x2bc) returned 1 [0075.781] FlushFileBuffers (hFile=0x310) returned 1 [0075.792] CloseHandle (hObject=0x2bc) returned 1 [0075.794] CloseHandle (hObject=0x310) returned 1 [0075.795] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Print.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\print.ico")) returned 1 [0075.796] SetEvent (hEvent=0x28c) returned 1 [0075.796] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0075.796] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=894) returned 1 [0075.796] CloseHandle (hObject=0x310) returned 1 [0075.796] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico")) returned 0x80 [0075.796] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico")) returned 0x80 [0075.797] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.797] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0075.797] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0075.797] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0075.797] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0075.797] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x37e, lpOverlapped=0x0) returned 1 [0075.799] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x380, lpOverlapped=0x0) returned 1 [0075.800] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0075.800] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0075.800] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0075.800] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x37e, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x37e, lpOverlapped=0x0) returned 1 [0075.800] FlushFileBuffers (hFile=0x310) returned 1 [0076.186] FlushFileBuffers (hFile=0x2bc) returned 1 [0076.187] CloseHandle (hObject=0x310) returned 1 [0076.188] CloseHandle (hObject=0x2bc) returned 1 [0076.189] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate2.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate2.ico")) returned 1 [0076.190] SetEvent (hEvent=0x28c) returned 1 [0076.190] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0076.191] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=894) returned 1 [0076.191] CloseHandle (hObject=0x2bc) returned 1 [0076.191] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico")) returned 0x80 [0076.191] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico")) returned 0x80 [0076.191] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0076.191] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0076.192] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0076.192] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0076.192] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0076.192] ReadFile (in: hFile=0x2bc, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x37e, lpOverlapped=0x0) returned 1 [0076.194] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x380, lpOverlapped=0x0) returned 1 [0076.195] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0076.195] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0076.195] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0076.195] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x37e, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x37e, lpOverlapped=0x0) returned 1 [0076.195] FlushFileBuffers (hFile=0x2bc) returned 1 [0076.437] FlushFileBuffers (hFile=0x310) returned 1 [0076.440] CloseHandle (hObject=0x2bc) returned 1 [0076.440] CloseHandle (hObject=0x310) returned 1 [0076.440] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate4.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate4.ico")) returned 1 [0076.441] SetEvent (hEvent=0x28c) returned 1 [0076.442] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0076.442] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=894) returned 1 [0076.442] CloseHandle (hObject=0x310) returned 1 [0076.442] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico")) returned 0x80 [0076.442] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico")) returned 0x80 [0076.442] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0076.442] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0076.442] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0076.442] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0076.442] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0076.442] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x37e, lpOverlapped=0x0) returned 1 [0076.449] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x380, lpOverlapped=0x0) returned 1 [0076.450] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0076.450] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0076.450] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0076.450] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x37e, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x37e, lpOverlapped=0x0) returned 1 [0076.450] FlushFileBuffers (hFile=0x310) returned 1 [0076.459] FlushFileBuffers (hFile=0x2bc) returned 1 [0076.461] CloseHandle (hObject=0x310) returned 1 [0076.462] CloseHandle (hObject=0x2bc) returned 1 [0076.463] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate6.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate6.ico")) returned 1 [0076.464] SetEvent (hEvent=0x28c) returned 1 [0076.464] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0076.468] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=894) returned 1 [0076.468] CloseHandle (hObject=0x314) returned 1 [0076.468] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico")) returned 0x80 [0076.468] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico")) returned 0x80 [0076.468] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0076.468] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0076.468] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0076.468] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0076.468] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0076.470] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x37e, lpOverlapped=0x0) returned 1 [0076.471] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x380, lpOverlapped=0x0) returned 1 [0076.472] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0076.473] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0076.473] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0076.473] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x37e, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x37e, lpOverlapped=0x0) returned 1 [0076.473] FlushFileBuffers (hFile=0x314) returned 1 [0076.476] FlushFileBuffers (hFile=0x2bc) returned 1 [0076.480] CloseHandle (hObject=0x314) returned 1 [0076.480] CloseHandle (hObject=0x2bc) returned 1 [0076.481] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate8.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate8.ico")) returned 1 [0076.482] SetEvent (hEvent=0x28c) returned 1 [0076.482] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Setup.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0076.482] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=36710) returned 1 [0076.482] CloseHandle (hObject=0x2bc) returned 1 [0076.482] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Setup.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico")) returned 0x80 [0076.482] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Setup.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico")) returned 0x80 [0076.482] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Setup.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0076.482] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Setup.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0076.482] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0076.482] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0076.482] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Setup.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0076.483] ReadFile (in: hFile=0x2bc, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x8f66, lpOverlapped=0x0) returned 1 [0076.485] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x8f70, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x8f70, lpOverlapped=0x0) returned 1 [0076.486] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0076.486] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0076.486] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0076.486] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x8f66, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x8f66, lpOverlapped=0x0) returned 1 [0076.487] FlushFileBuffers (hFile=0x2bc) returned 1 [0076.491] FlushFileBuffers (hFile=0x314) returned 1 [0076.498] CloseHandle (hObject=0x2bc) returned 1 [0076.500] CloseHandle (hObject=0x314) returned 1 [0076.501] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Setup.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\setup.ico")) returned 1 [0076.502] SetEvent (hEvent=0x28c) returned 1 [0076.502] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0076.502] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=1150) returned 1 [0076.502] CloseHandle (hObject=0x314) returned 1 [0076.503] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico")) returned 0x80 [0076.503] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico")) returned 0x80 [0076.503] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0076.503] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0076.503] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0076.503] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0076.503] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0076.503] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x47e, lpOverlapped=0x0) returned 1 [0076.505] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x480, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x480, lpOverlapped=0x0) returned 1 [0076.506] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0076.507] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0076.507] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0076.507] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x47e, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x47e, lpOverlapped=0x0) returned 1 [0076.507] FlushFileBuffers (hFile=0x314) returned 1 [0076.509] FlushFileBuffers (hFile=0x2bc) returned 1 [0076.510] CloseHandle (hObject=0x314) returned 1 [0076.510] CloseHandle (hObject=0x2bc) returned 1 [0076.511] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqmet.ico")) returned 1 [0076.512] SetEvent (hEvent=0x28c) returned 1 [0076.512] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0076.512] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=1150) returned 1 [0076.512] CloseHandle (hObject=0x2bc) returned 1 [0076.512] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico")) returned 0x80 [0076.512] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico")) returned 0x80 [0076.513] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0076.513] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0076.513] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0076.513] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0076.513] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0076.513] ReadFile (in: hFile=0x2bc, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x47e, lpOverlapped=0x0) returned 1 [0076.514] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x480, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x480, lpOverlapped=0x0) returned 1 [0076.515] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0076.516] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0076.516] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0076.516] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x47e, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x47e, lpOverlapped=0x0) returned 1 [0076.516] FlushFileBuffers (hFile=0x2bc) returned 1 [0076.517] FlushFileBuffers (hFile=0x314) returned 1 [0076.519] CloseHandle (hObject=0x2bc) returned 1 [0076.519] CloseHandle (hObject=0x314) returned 1 [0076.522] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\SysReqNotMet.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\sysreqnotmet.ico")) returned 1 [0076.523] SetEvent (hEvent=0x28c) returned 1 [0076.523] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\warn.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0076.523] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=10134) returned 1 [0076.523] CloseHandle (hObject=0x314) returned 1 [0076.523] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\warn.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico")) returned 0x80 [0076.523] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\warn.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico")) returned 0x80 [0076.523] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\warn.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0076.523] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\warn.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0076.523] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0076.523] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0076.523] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\warn.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0076.524] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x2796, lpOverlapped=0x0) returned 1 [0076.525] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x27a0, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x27a0, lpOverlapped=0x0) returned 1 [0076.526] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0076.526] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0076.526] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0076.527] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x2796, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x2796, lpOverlapped=0x0) returned 1 [0076.527] FlushFileBuffers (hFile=0x314) returned 1 [0076.531] FlushFileBuffers (hFile=0x2bc) returned 1 [0076.537] CloseHandle (hObject=0x314) returned 1 [0076.538] CloseHandle (hObject=0x2bc) returned 1 [0076.538] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\warn.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\warn.ico")) returned 1 [0076.539] SetEvent (hEvent=0x28c) returned 1 [0076.539] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\header.bmp" (normalized: "c:\\588bce7c90097ed212\\header.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0076.541] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=3628) returned 1 [0076.541] CloseHandle (hObject=0x2bc) returned 1 [0076.541] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\header.bmp" (normalized: "c:\\588bce7c90097ed212\\header.bmp")) returned 0x80 [0076.541] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\header.bmp" (normalized: "c:\\588bce7c90097ed212\\header.bmp")) returned 0x80 [0076.541] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\header.bmp.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\header.bmp.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0076.542] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\header.bmp" (normalized: "c:\\588bce7c90097ed212\\header.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0076.542] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0076.542] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0076.542] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\header.bmp.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\header.bmp.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0076.542] ReadFile (in: hFile=0x2bc, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0xe2c, lpOverlapped=0x0) returned 1 [0076.588] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xe30, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xe30, lpOverlapped=0x0) returned 1 [0076.590] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0076.591] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0076.591] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0076.591] WriteFile (in: hFile=0x2bc, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xe2c, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0xe2c, lpOverlapped=0x0) returned 1 [0076.591] FlushFileBuffers (hFile=0x2bc) returned 1 [0076.599] FlushFileBuffers (hFile=0x314) returned 1 [0076.650] CloseHandle (hObject=0x2bc) returned 1 [0076.651] CloseHandle (hObject=0x314) returned 1 [0076.652] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\header.bmp" (normalized: "c:\\588bce7c90097ed212\\header.bmp")) returned 1 [0076.653] SetEvent (hEvent=0x28c) returned 1 [0076.653] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core_x64.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0076.654] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=1901056) returned 1 [0076.654] CloseHandle (hObject=0x314) returned 1 [0076.654] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core_x64.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x64.msi")) returned 0x80 [0076.654] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core_x64.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x64.msi"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core_x64.msi.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x64.msi.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 1 [0076.654] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core_x64.msi.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x64.msi.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0076.655] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f860 | out: lpNewFilePointer=0x0) returned 1 [0076.655] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f860 | out: lpNewFilePointer=0x0) returned 1 [0076.655] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x102f86c, lpOverlapped=0x0 | out: lpBuffer=0x4c6a058*, lpNumberOfBytesRead=0x102f86c*=0x40000, lpOverlapped=0x0) returned 1 [0076.659] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x9ab55, lpNewFilePointer=0x0, dwMoveMethod=0x102f860 | out: lpNewFilePointer=0x0) returned 1 [0076.659] ReadFile (in: hFile=0x314, lpBuffer=0x4caa058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x102f86c, lpOverlapped=0x0 | out: lpBuffer=0x4caa058*, lpNumberOfBytesRead=0x102f86c*=0x40000, lpOverlapped=0x0) returned 1 [0076.662] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x190200, lpNewFilePointer=0x0, dwMoveMethod=0x102f860 | out: lpNewFilePointer=0x0) returned 1 [0076.662] ReadFile (in: hFile=0x314, lpBuffer=0x4cea058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x102f86c, lpOverlapped=0x0 | out: lpBuffer=0x4cea058*, lpNumberOfBytesRead=0x102f86c*=0x40000, lpOverlapped=0x0) returned 1 [0076.674] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d0 | out: lpNewFilePointer=0x0) returned 1 [0076.674] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x102f9c8, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c8*=0xc0112, lpOverlapped=0x0) returned 1 [0077.057] SetEndOfFile (hFile=0x314) returned 1 [0077.057] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x190200, lpNewFilePointer=0x0, dwMoveMethod=0x102f868 | out: lpNewFilePointer=0x0) returned 1 [0077.057] WriteFile (in: hFile=0x314, lpBuffer=0x4d2a14a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x102f874, lpOverlapped=0x0 | out: lpBuffer=0x4d2a14a*, lpNumberOfBytesWritten=0x102f874*=0x40000, lpOverlapped=0x0) returned 1 [0077.059] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x9ab55, lpNewFilePointer=0x0, dwMoveMethod=0x102f868 | out: lpNewFilePointer=0x0) returned 1 [0077.059] WriteFile (in: hFile=0x314, lpBuffer=0x4d2a14a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x102f874, lpOverlapped=0x0 | out: lpBuffer=0x4d2a14a*, lpNumberOfBytesWritten=0x102f874*=0x40000, lpOverlapped=0x0) returned 1 [0077.061] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f868 | out: lpNewFilePointer=0x0) returned 1 [0077.061] WriteFile (in: hFile=0x314, lpBuffer=0x4d2a14a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x102f874, lpOverlapped=0x0 | out: lpBuffer=0x4d2a14a*, lpNumberOfBytesWritten=0x102f874*=0x40000, lpOverlapped=0x0) returned 1 [0077.062] FlushFileBuffers (hFile=0x314) returned 1 [0077.987] CloseHandle (hObject=0x314) returned 1 [0078.486] SetEvent (hEvent=0x28c) returned 1 [0078.487] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0078.488] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=1163264) returned 1 [0078.488] CloseHandle (hObject=0x314) returned 1 [0078.488] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x86.msi")) returned 0x80 [0078.488] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x86.msi")) returned 0x80 [0078.488] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core_x86.msi.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x86.msi.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0078.488] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0078.488] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0078.488] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0078.488] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core_x86.msi.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x86.msi.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0078.489] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x110100, lpOverlapped=0x0) returned 1 [0078.766] WriteFile (in: hFile=0x21c, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x110100, lpOverlapped=0x0) returned 1 [0078.788] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0xbf00, lpOverlapped=0x0) returned 1 [0078.788] WriteFile (in: hFile=0x21c, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xbf10, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xbf10, lpOverlapped=0x0) returned 1 [0078.789] WriteFile (in: hFile=0x21c, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0078.789] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0078.789] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0078.789] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x110102, lpOverlapped=0x0) returned 1 [0078.795] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xbefe, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0xbefe, lpOverlapped=0x0) returned 1 [0078.795] FlushFileBuffers (hFile=0x314) returned 1 [0079.481] FlushFileBuffers (hFile=0x21c) returned 1 [0079.484] CloseHandle (hObject=0x314) returned 1 [0079.514] CloseHandle (hObject=0x21c) returned 1 [0079.777] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_core_x86.msi")) returned 1 [0080.056] SetEvent (hEvent=0x28c) returned 1 [0080.187] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended_x64.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0080.187] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=872448) returned 1 [0080.187] CloseHandle (hObject=0x314) returned 1 [0080.188] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended_x64.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x64.msi")) returned 0x80 [0080.188] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended_x64.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x64.msi")) returned 0x80 [0080.188] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended_x64.msi.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x64.msi.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0080.188] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended_x64.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0080.188] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0080.188] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0080.188] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended_x64.msi.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x64.msi.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0080.188] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0xd5000, lpOverlapped=0x0) returned 1 [0080.204] WriteFile (in: hFile=0x21c, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xd5010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xd5010, lpOverlapped=0x0) returned 1 [0080.391] WriteFile (in: hFile=0x21c, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0080.391] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0080.391] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0080.391] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xd5000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0xd5000, lpOverlapped=0x0) returned 1 [0080.393] FlushFileBuffers (hFile=0x314) returned 1 [0080.491] FlushFileBuffers (hFile=0x21c) returned 1 [0080.493] CloseHandle (hObject=0x314) returned 1 [0080.507] CloseHandle (hObject=0x21c) returned 1 [0080.523] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended_x64.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x64.msi")) returned 1 [0080.719] SetEvent (hEvent=0x28c) returned 1 [0080.719] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0080.719] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=495616) returned 1 [0080.720] CloseHandle (hObject=0x314) returned 1 [0080.720] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x86.msi")) returned 0x80 [0080.720] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x86.msi")) returned 0x80 [0080.720] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended_x86.msi.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x86.msi.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0080.720] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0080.720] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0080.720] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0080.720] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended_x86.msi.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x86.msi.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0080.720] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x79000, lpOverlapped=0x0) returned 1 [0080.728] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x79010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x79010, lpOverlapped=0x0) returned 1 [0080.737] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0080.737] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0080.737] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0080.737] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x79000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x79000, lpOverlapped=0x0) returned 1 [0080.738] FlushFileBuffers (hFile=0x314) returned 1 [0081.617] FlushFileBuffers (hFile=0x310) returned 1 [0081.634] CloseHandle (hObject=0x314) returned 1 [0081.643] CloseHandle (hObject=0x310) returned 1 [0081.652] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended_x86.msi" (normalized: "c:\\588bce7c90097ed212\\netfx_extended_x86.msi")) returned 1 [0081.656] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\RGB9Rast_x86.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x86.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0081.656] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=94720) returned 1 [0081.656] CloseHandle (hObject=0x310) returned 1 [0081.657] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\RGB9Rast_x86.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x86.msi")) returned 0x80 [0081.657] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\RGB9Rast_x86.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x86.msi")) returned 0x80 [0081.657] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\RGB9Rast_x86.msi.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x86.msi.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0081.657] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\RGB9Rast_x86.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0081.657] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0081.657] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0081.657] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\RGB9Rast_x86.msi.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x86.msi.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0081.670] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x17200, lpOverlapped=0x0) returned 1 [0081.673] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x17210, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x17210, lpOverlapped=0x0) returned 1 [0081.676] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0081.676] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0081.676] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0081.676] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x17200, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x17200, lpOverlapped=0x0) returned 1 [0081.676] FlushFileBuffers (hFile=0x310) returned 1 [0081.727] FlushFileBuffers (hFile=0x314) returned 1 [0081.728] CloseHandle (hObject=0x310) returned 1 [0081.730] CloseHandle (hObject=0x314) returned 1 [0081.733] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\RGB9Rast_x86.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x86.msi")) returned 1 [0081.734] SetEvent (hEvent=0x28c) returned 1 [0081.734] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupEngine.dll" (normalized: "c:\\588bce7c90097ed212\\setupengine.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0081.735] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=807256) returned 1 [0081.735] CloseHandle (hObject=0x314) returned 1 [0081.735] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupEngine.dll" (normalized: "c:\\588bce7c90097ed212\\setupengine.dll")) returned 0x80 [0081.735] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupEngine.dll" (normalized: "c:\\588bce7c90097ed212\\setupengine.dll")) returned 0x80 [0081.735] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupEngine.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\setupengine.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0081.735] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupEngine.dll" (normalized: "c:\\588bce7c90097ed212\\setupengine.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0081.735] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0081.735] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0081.735] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupEngine.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\setupengine.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0081.735] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0xc5158, lpOverlapped=0x0) returned 1 [0081.749] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xc5160, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xc5160, lpOverlapped=0x0) returned 1 [0081.763] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0081.763] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0081.763] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0081.763] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xc5158, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0xc5158, lpOverlapped=0x0) returned 1 [0082.000] FlushFileBuffers (hFile=0x314) returned 1 [0082.101] FlushFileBuffers (hFile=0x310) returned 1 [0082.104] CloseHandle (hObject=0x314) returned 1 [0082.120] CloseHandle (hObject=0x310) returned 1 [0082.250] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupEngine.dll" (normalized: "c:\\588bce7c90097ed212\\setupengine.dll")) returned 1 [0082.258] SetEvent (hEvent=0x28c) returned 1 [0082.258] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SplashScreen.bmp" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0082.258] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=41080) returned 1 [0082.258] CloseHandle (hObject=0x310) returned 1 [0082.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SplashScreen.bmp" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp")) returned 0x80 [0082.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SplashScreen.bmp" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp")) returned 0x80 [0082.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SplashScreen.bmp.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0082.259] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SplashScreen.bmp" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0082.259] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0082.259] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0082.259] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SplashScreen.bmp.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0082.259] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0xa078, lpOverlapped=0x0) returned 1 [0082.438] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xa080, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xa080, lpOverlapped=0x0) returned 1 [0082.439] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0082.440] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0082.440] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0082.440] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xa078, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0xa078, lpOverlapped=0x0) returned 1 [0082.440] FlushFileBuffers (hFile=0x310) returned 1 [0082.616] FlushFileBuffers (hFile=0x314) returned 1 [0082.618] CloseHandle (hObject=0x310) returned 1 [0082.619] CloseHandle (hObject=0x314) returned 1 [0082.621] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SplashScreen.bmp" (normalized: "c:\\588bce7c90097ed212\\splashscreen.bmp")) returned 1 [0082.622] SetEvent (hEvent=0x28c) returned 1 [0082.622] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0082.623] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=38898) returned 1 [0082.623] CloseHandle (hObject=0x314) returned 1 [0082.623] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml")) returned 0x80 [0082.623] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml")) returned 0x80 [0082.624] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\UiInfo.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0082.624] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0082.624] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0082.624] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0082.624] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\UiInfo.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0082.624] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x97f2, lpOverlapped=0x0) returned 1 [0082.626] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x9800, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x9800, lpOverlapped=0x0) returned 1 [0082.628] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0082.628] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0082.628] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0082.628] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x97f2, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x97f2, lpOverlapped=0x0) returned 1 [0082.628] FlushFileBuffers (hFile=0x314) returned 1 [0082.767] FlushFileBuffers (hFile=0x310) returned 1 [0082.772] CloseHandle (hObject=0x314) returned 1 [0082.774] CloseHandle (hObject=0x310) returned 1 [0082.775] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\uiinfo.xml")) returned 1 [0082.777] SetEvent (hEvent=0x28c) returned 1 [0082.777] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x64.msu"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0082.781] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=5198099) returned 1 [0082.781] CloseHandle (hObject=0x314) returned 1 [0082.781] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x64.msu")) returned 0x80 [0082.782] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x64.msu"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x64.msu.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 1 [0082.782] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x64.msu.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x64.msu.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0082.782] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f860 | out: lpNewFilePointer=0x0) returned 1 [0082.782] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f860 | out: lpNewFilePointer=0x0) returned 1 [0082.782] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x102f86c, lpOverlapped=0x0 | out: lpBuffer=0x4c6a058*, lpNumberOfBytesRead=0x102f86c*=0x40000, lpOverlapped=0x0) returned 1 [0082.786] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x1a705b, lpNewFilePointer=0x0, dwMoveMethod=0x102f860 | out: lpNewFilePointer=0x0) returned 1 [0082.786] ReadFile (in: hFile=0x314, lpBuffer=0x4caa058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x102f86c, lpOverlapped=0x0 | out: lpBuffer=0x4caa058*, lpNumberOfBytesRead=0x102f86c*=0x40000, lpOverlapped=0x0) returned 1 [0082.789] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x4b5113, lpNewFilePointer=0x0, dwMoveMethod=0x102f860 | out: lpNewFilePointer=0x0) returned 1 [0082.789] ReadFile (in: hFile=0x314, lpBuffer=0x4cea058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x102f86c, lpOverlapped=0x0 | out: lpBuffer=0x4cea058*, lpNumberOfBytesRead=0x102f86c*=0x40000, lpOverlapped=0x0) returned 1 [0082.802] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d0 | out: lpNewFilePointer=0x0) returned 1 [0082.802] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xc0132, lpNumberOfBytesWritten=0x102f9c8, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c8*=0xc0132, lpOverlapped=0x0) returned 1 [0083.074] SetEndOfFile (hFile=0x314) returned 1 [0083.074] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x4b5113, lpNewFilePointer=0x0, dwMoveMethod=0x102f868 | out: lpNewFilePointer=0x0) returned 1 [0083.074] WriteFile (in: hFile=0x314, lpBuffer=0x4d2a16a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x102f874, lpOverlapped=0x0 | out: lpBuffer=0x4d2a16a*, lpNumberOfBytesWritten=0x102f874*=0x40000, lpOverlapped=0x0) returned 1 [0083.358] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x1a705b, lpNewFilePointer=0x0, dwMoveMethod=0x102f868 | out: lpNewFilePointer=0x0) returned 1 [0083.358] WriteFile (in: hFile=0x314, lpBuffer=0x4d2a16a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x102f874, lpOverlapped=0x0 | out: lpBuffer=0x4d2a16a*, lpNumberOfBytesWritten=0x102f874*=0x40000, lpOverlapped=0x0) returned 1 [0083.360] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f868 | out: lpNewFilePointer=0x0) returned 1 [0083.360] WriteFile (in: hFile=0x314, lpBuffer=0x4d2a16a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x102f874, lpOverlapped=0x0 | out: lpBuffer=0x4d2a16a*, lpNumberOfBytesWritten=0x102f874*=0x40000, lpOverlapped=0x0) returned 1 [0083.361] FlushFileBuffers (hFile=0x314) returned 1 [0083.699] CloseHandle (hObject=0x314) returned 1 [0084.353] SetEvent (hEvent=0x28c) returned 1 [0084.353] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.353] SetEvent (hEvent=0x28c) returned 1 [0084.354] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.354] SetEvent (hEvent=0x28c) returned 1 [0084.355] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0084.356] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=0) returned 1 [0084.356] CloseHandle (hObject=0x310) returned 1 [0084.356] SetEvent (hEvent=0x28c) returned 1 [0084.356] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0084.357] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=0) returned 1 [0084.357] CloseHandle (hObject=0x310) returned 1 [0084.357] SetEvent (hEvent=0x28c) returned 1 [0084.357] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\bg-BG\\bootmgr.exe.mui" (normalized: "c:\\boot\\bg-bg\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0084.357] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=77664) returned 1 [0084.357] CloseHandle (hObject=0x310) returned 1 [0084.357] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\bg-BG\\bootmgr.exe.mui" (normalized: "c:\\boot\\bg-bg\\bootmgr.exe.mui")) returned 0x20 [0084.357] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\bg-BG\\bootmgr.exe.mui" (normalized: "c:\\boot\\bg-bg\\bootmgr.exe.mui")) returned 0x20 [0084.358] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\bg-BG\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\bg-bg\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.358] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\bg-BG\\bootmgr.exe.mui" (normalized: "c:\\boot\\bg-bg\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.358] SetEvent (hEvent=0x28c) returned 1 [0084.358] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\bootspaces.dll" (normalized: "c:\\boot\\bootspaces.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0084.360] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=95648) returned 1 [0084.360] CloseHandle (hObject=0x310) returned 1 [0084.360] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\bootspaces.dll" (normalized: "c:\\boot\\bootspaces.dll")) returned 0x20 [0084.360] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\bootspaces.dll" (normalized: "c:\\boot\\bootspaces.dll")) returned 0x20 [0084.360] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\bootspaces.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\bootspaces.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.360] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\bootspaces.dll" (normalized: "c:\\boot\\bootspaces.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.360] SetEvent (hEvent=0x28c) returned 1 [0084.360] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0084.361] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=65536) returned 1 [0084.361] CloseHandle (hObject=0x310) returned 1 [0084.361] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat")) returned 0x26 [0084.361] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat")) returned 0x26 [0084.361] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\bootstat.dat.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.361] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0084.361] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0084.361] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0084.361] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\bootstat.dat.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x26, hTemplateFile=0x0) returned 0x314 [0084.362] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x10000, lpOverlapped=0x0) returned 1 [0084.364] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x10010, lpOverlapped=0x0) returned 1 [0084.367] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0xf2, lpOverlapped=0x0) returned 1 [0084.368] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0084.368] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0084.368] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x10000, lpOverlapped=0x0) returned 1 [0084.369] FlushFileBuffers (hFile=0x310) returned 1 [0084.370] FlushFileBuffers (hFile=0x314) returned 1 [0084.371] CloseHandle (hObject=0x310) returned 1 [0084.372] CloseHandle (hObject=0x314) returned 1 [0084.372] DeleteFileW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat")) returned 1 [0084.373] SetEvent (hEvent=0x28c) returned 1 [0084.373] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\bootvhd.dll" (normalized: "c:\\boot\\bootvhd.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.373] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=99744) returned 1 [0084.374] CloseHandle (hObject=0x314) returned 1 [0084.374] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\bootvhd.dll" (normalized: "c:\\boot\\bootvhd.dll")) returned 0x20 [0084.374] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\bootvhd.dll" (normalized: "c:\\boot\\bootvhd.dll")) returned 0x20 [0084.374] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\bootvhd.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\bootvhd.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.374] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\bootvhd.dll" (normalized: "c:\\boot\\bootvhd.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.374] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.374] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=76632) returned 1 [0084.374] CloseHandle (hObject=0x314) returned 1 [0084.374] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui")) returned 0x20 [0084.374] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui")) returned 0x20 [0084.374] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.374] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.375] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\memtest.exe.mui" (normalized: "c:\\boot\\cs-cz\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.375] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=45472) returned 1 [0084.375] CloseHandle (hObject=0x314) returned 1 [0084.375] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\memtest.exe.mui" (normalized: "c:\\boot\\cs-cz\\memtest.exe.mui")) returned 0x20 [0084.375] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\memtest.exe.mui" (normalized: "c:\\boot\\cs-cz\\memtest.exe.mui")) returned 0x20 [0084.375] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\cs-cz\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.375] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\memtest.exe.mui" (normalized: "c:\\boot\\cs-cz\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.375] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.376] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=75616) returned 1 [0084.376] CloseHandle (hObject=0x314) returned 1 [0084.376] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui")) returned 0x20 [0084.376] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui")) returned 0x20 [0084.376] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.376] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.376] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\memtest.exe.mui" (normalized: "c:\\boot\\da-dk\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.376] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=45472) returned 1 [0084.376] CloseHandle (hObject=0x314) returned 1 [0084.376] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\memtest.exe.mui" (normalized: "c:\\boot\\da-dk\\memtest.exe.mui")) returned 0x20 [0084.376] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\memtest.exe.mui" (normalized: "c:\\boot\\da-dk\\memtest.exe.mui")) returned 0x20 [0084.376] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\da-dk\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.376] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\memtest.exe.mui" (normalized: "c:\\boot\\da-dk\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.377] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.377] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=79200) returned 1 [0084.377] CloseHandle (hObject=0x314) returned 1 [0084.377] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui")) returned 0x20 [0084.377] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui")) returned 0x20 [0084.377] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.377] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.377] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\memtest.exe.mui" (normalized: "c:\\boot\\de-de\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.377] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=45984) returned 1 [0084.377] CloseHandle (hObject=0x314) returned 1 [0084.378] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\memtest.exe.mui" (normalized: "c:\\boot\\de-de\\memtest.exe.mui")) returned 0x20 [0084.378] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\memtest.exe.mui" (normalized: "c:\\boot\\de-de\\memtest.exe.mui")) returned 0x20 [0084.378] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\de-de\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.378] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\memtest.exe.mui" (normalized: "c:\\boot\\de-de\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.378] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.378] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=80224) returned 1 [0084.378] CloseHandle (hObject=0x314) returned 1 [0084.378] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui")) returned 0x20 [0084.378] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui")) returned 0x20 [0084.378] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.378] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.379] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\memtest.exe.mui" (normalized: "c:\\boot\\el-gr\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.379] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=46496) returned 1 [0084.379] CloseHandle (hObject=0x314) returned 1 [0084.379] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\memtest.exe.mui" (normalized: "c:\\boot\\el-gr\\memtest.exe.mui")) returned 0x20 [0084.379] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\memtest.exe.mui" (normalized: "c:\\boot\\el-gr\\memtest.exe.mui")) returned 0x20 [0084.379] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\el-gr\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.379] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\memtest.exe.mui" (normalized: "c:\\boot\\el-gr\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.379] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-GB\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-gb\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.379] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=74072) returned 1 [0084.379] CloseHandle (hObject=0x314) returned 1 [0084.379] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-GB\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-gb\\bootmgr.exe.mui")) returned 0x20 [0084.379] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-GB\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-gb\\bootmgr.exe.mui")) returned 0x20 [0084.380] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-GB\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\en-gb\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.380] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-GB\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-gb\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.380] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.380] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=74144) returned 1 [0084.380] CloseHandle (hObject=0x314) returned 1 [0084.380] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui")) returned 0x20 [0084.380] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui")) returned 0x20 [0084.380] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.380] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.381] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.381] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=44960) returned 1 [0084.381] CloseHandle (hObject=0x314) returned 1 [0084.381] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui")) returned 0x20 [0084.381] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui")) returned 0x20 [0084.381] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\en-us\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.381] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.381] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.381] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=77664) returned 1 [0084.381] CloseHandle (hObject=0x314) returned 1 [0084.381] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui")) returned 0x20 [0084.382] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui")) returned 0x20 [0084.382] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.382] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.382] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\memtest.exe.mui" (normalized: "c:\\boot\\es-es\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.382] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=45984) returned 1 [0084.382] CloseHandle (hObject=0x314) returned 1 [0084.382] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\memtest.exe.mui" (normalized: "c:\\boot\\es-es\\memtest.exe.mui")) returned 0x20 [0084.382] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\memtest.exe.mui" (normalized: "c:\\boot\\es-es\\memtest.exe.mui")) returned 0x20 [0084.382] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\es-es\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.382] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\memtest.exe.mui" (normalized: "c:\\boot\\es-es\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.383] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-MX\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-mx\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.383] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=77664) returned 1 [0084.383] CloseHandle (hObject=0x314) returned 1 [0084.383] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\es-MX\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-mx\\bootmgr.exe.mui")) returned 0x20 [0084.383] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\es-MX\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-mx\\bootmgr.exe.mui")) returned 0x20 [0084.383] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\es-MX\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\es-mx\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.383] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-MX\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-mx\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.383] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\et-EE\\bootmgr.exe.mui" (normalized: "c:\\boot\\et-ee\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.383] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=75104) returned 1 [0084.383] CloseHandle (hObject=0x314) returned 1 [0084.383] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\et-EE\\bootmgr.exe.mui" (normalized: "c:\\boot\\et-ee\\bootmgr.exe.mui")) returned 0x20 [0084.384] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\et-EE\\bootmgr.exe.mui" (normalized: "c:\\boot\\et-ee\\bootmgr.exe.mui")) returned 0x20 [0084.384] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\et-EE\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\et-ee\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.384] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\et-EE\\bootmgr.exe.mui" (normalized: "c:\\boot\\et-ee\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.384] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.384] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=76640) returned 1 [0084.384] CloseHandle (hObject=0x314) returned 1 [0084.384] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui")) returned 0x20 [0084.384] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui")) returned 0x20 [0084.384] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.384] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.385] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\memtest.exe.mui" (normalized: "c:\\boot\\fi-fi\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.385] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=45472) returned 1 [0084.385] CloseHandle (hObject=0x314) returned 1 [0084.385] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\memtest.exe.mui" (normalized: "c:\\boot\\fi-fi\\memtest.exe.mui")) returned 0x20 [0084.385] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\memtest.exe.mui" (normalized: "c:\\boot\\fi-fi\\memtest.exe.mui")) returned 0x20 [0084.385] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fi-fi\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.385] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\memtest.exe.mui" (normalized: "c:\\boot\\fi-fi\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.385] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.386] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=3695719) returned 1 [0084.386] CloseHandle (hObject=0x314) returned 1 [0084.386] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf")) returned 0x20 [0084.386] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\chs_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0 [0084.386] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\chs_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf")) returned 0 [0084.386] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.389] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=3878410) returned 1 [0084.389] CloseHandle (hObject=0x314) returned 1 [0084.389] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf")) returned 0x20 [0084.390] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\cht_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0 [0084.390] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\cht_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf")) returned 0 [0084.390] SetEvent (hEvent=0x28c) returned 1 [0084.390] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.392] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=1985867) returned 1 [0084.392] CloseHandle (hObject=0x314) returned 1 [0084.392] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf")) returned 0x20 [0084.392] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0 [0084.392] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf")) returned 0 [0084.392] SetEvent (hEvent=0x28c) returned 1 [0084.393] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.395] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=2373000) returned 1 [0084.395] CloseHandle (hObject=0x328) returned 1 [0084.395] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf")) returned 0x20 [0084.395] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\kor_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0 [0084.395] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\kor_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame"), lpNewFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf")) returned 0 [0084.396] SetEvent (hEvent=0x28c) returned 1 [0084.396] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\malgunn_boot.ttf" (normalized: "c:\\boot\\fonts\\malgunn_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.397] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=174959) returned 1 [0084.397] CloseHandle (hObject=0x328) returned 1 [0084.397] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\malgunn_boot.ttf" (normalized: "c:\\boot\\fonts\\malgunn_boot.ttf")) returned 0x20 [0084.397] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\malgunn_boot.ttf" (normalized: "c:\\boot\\fonts\\malgunn_boot.ttf")) returned 0x20 [0084.398] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\malgunn_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\malgunn_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.398] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\malgunn_boot.ttf" (normalized: "c:\\boot\\fonts\\malgunn_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.398] SetEvent (hEvent=0x28c) returned 1 [0084.398] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\malgun_boot.ttf" (normalized: "c:\\boot\\fonts\\malgun_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.399] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=177414) returned 1 [0084.399] CloseHandle (hObject=0x328) returned 1 [0084.399] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\malgun_boot.ttf" (normalized: "c:\\boot\\fonts\\malgun_boot.ttf")) returned 0x20 [0084.399] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\malgun_boot.ttf" (normalized: "c:\\boot\\fonts\\malgun_boot.ttf")) returned 0x20 [0084.399] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\malgun_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\malgun_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.399] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\malgun_boot.ttf" (normalized: "c:\\boot\\fonts\\malgun_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.400] SetEvent (hEvent=0x28c) returned 1 [0084.400] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\meiryon_boot.ttf" (normalized: "c:\\boot\\fonts\\meiryon_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2c0 [0084.403] GetFileSizeEx (in: hFile=0x2c0, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=143754) returned 1 [0084.403] CloseHandle (hObject=0x2c0) returned 1 [0084.403] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\meiryon_boot.ttf" (normalized: "c:\\boot\\fonts\\meiryon_boot.ttf")) returned 0x20 [0084.403] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\meiryon_boot.ttf" (normalized: "c:\\boot\\fonts\\meiryon_boot.ttf")) returned 0x20 [0084.403] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\meiryon_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\meiryon_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.403] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\meiryon_boot.ttf" (normalized: "c:\\boot\\fonts\\meiryon_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.403] SetEvent (hEvent=0x28c) returned 1 [0084.403] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\meiryo_boot.ttf" (normalized: "c:\\boot\\fonts\\meiryo_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.407] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=145419) returned 1 [0084.407] CloseHandle (hObject=0x328) returned 1 [0084.407] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\meiryo_boot.ttf" (normalized: "c:\\boot\\fonts\\meiryo_boot.ttf")) returned 0x20 [0084.407] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\meiryo_boot.ttf" (normalized: "c:\\boot\\fonts\\meiryo_boot.ttf")) returned 0x20 [0084.407] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\meiryo_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\meiryo_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.407] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\meiryo_boot.ttf" (normalized: "c:\\boot\\fonts\\meiryo_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.407] SetEvent (hEvent=0x28c) returned 1 [0084.407] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msjhn_boot.ttf" (normalized: "c:\\boot\\fonts\\msjhn_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.407] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=162331) returned 1 [0084.407] CloseHandle (hObject=0x328) returned 1 [0084.407] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msjhn_boot.ttf" (normalized: "c:\\boot\\fonts\\msjhn_boot.ttf")) returned 0x20 [0084.408] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msjhn_boot.ttf" (normalized: "c:\\boot\\fonts\\msjhn_boot.ttf")) returned 0x20 [0084.408] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msjhn_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\msjhn_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.408] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msjhn_boot.ttf" (normalized: "c:\\boot\\fonts\\msjhn_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.408] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msjh_boot.ttf" (normalized: "c:\\boot\\fonts\\msjh_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.409] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=164347) returned 1 [0084.409] CloseHandle (hObject=0x328) returned 1 [0084.409] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msjh_boot.ttf" (normalized: "c:\\boot\\fonts\\msjh_boot.ttf")) returned 0x20 [0084.409] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msjh_boot.ttf" (normalized: "c:\\boot\\fonts\\msjh_boot.ttf")) returned 0x20 [0084.409] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msjh_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\msjh_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.409] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msjh_boot.ttf" (normalized: "c:\\boot\\fonts\\msjh_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.409] SetEvent (hEvent=0x28c) returned 1 [0084.409] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msyhn_boot.ttf" (normalized: "c:\\boot\\fonts\\msyhn_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.409] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=154427) returned 1 [0084.409] CloseHandle (hObject=0x328) returned 1 [0084.409] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msyhn_boot.ttf" (normalized: "c:\\boot\\fonts\\msyhn_boot.ttf")) returned 0x20 [0084.409] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msyhn_boot.ttf" (normalized: "c:\\boot\\fonts\\msyhn_boot.ttf")) returned 0x20 [0084.410] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msyhn_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\msyhn_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.410] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msyhn_boot.ttf" (normalized: "c:\\boot\\fonts\\msyhn_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.410] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msyh_boot.ttf" (normalized: "c:\\boot\\fonts\\msyh_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.410] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=156245) returned 1 [0084.410] CloseHandle (hObject=0x328) returned 1 [0084.410] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msyh_boot.ttf" (normalized: "c:\\boot\\fonts\\msyh_boot.ttf")) returned 0x20 [0084.410] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msyh_boot.ttf" (normalized: "c:\\boot\\fonts\\msyh_boot.ttf")) returned 0x20 [0084.410] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msyh_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\msyh_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.410] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\msyh_boot.ttf" (normalized: "c:\\boot\\fonts\\msyh_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.411] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\segmono_boot.ttf" (normalized: "c:\\boot\\fonts\\segmono_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324 [0084.412] GetFileSizeEx (in: hFile=0x324, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=44859) returned 1 [0084.412] CloseHandle (hObject=0x324) returned 1 [0084.412] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\segmono_boot.ttf" (normalized: "c:\\boot\\fonts\\segmono_boot.ttf")) returned 0x20 [0084.412] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\segmono_boot.ttf" (normalized: "c:\\boot\\fonts\\segmono_boot.ttf")) returned 0x20 [0084.412] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\segmono_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\segmono_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.412] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\segmono_boot.ttf" (normalized: "c:\\boot\\fonts\\segmono_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.412] SetEvent (hEvent=0x28c) returned 1 [0084.412] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\segoen_slboot.ttf" (normalized: "c:\\boot\\fonts\\segoen_slboot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324 [0084.412] GetFileSizeEx (in: hFile=0x324, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=85862) returned 1 [0084.412] CloseHandle (hObject=0x324) returned 1 [0084.412] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\segoen_slboot.ttf" (normalized: "c:\\boot\\fonts\\segoen_slboot.ttf")) returned 0x20 [0084.412] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\segoen_slboot.ttf" (normalized: "c:\\boot\\fonts\\segoen_slboot.ttf")) returned 0x20 [0084.413] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\segoen_slboot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\segoen_slboot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.413] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\segoen_slboot.ttf" (normalized: "c:\\boot\\fonts\\segoen_slboot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.413] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\segoe_slboot.ttf" (normalized: "c:\\boot\\fonts\\segoe_slboot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324 [0084.413] GetFileSizeEx (in: hFile=0x324, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=86178) returned 1 [0084.413] CloseHandle (hObject=0x324) returned 1 [0084.413] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\segoe_slboot.ttf" (normalized: "c:\\boot\\fonts\\segoe_slboot.ttf")) returned 0x20 [0084.413] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\segoe_slboot.ttf" (normalized: "c:\\boot\\fonts\\segoe_slboot.ttf")) returned 0x20 [0084.413] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\segoe_slboot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\segoe_slboot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.413] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\segoe_slboot.ttf" (normalized: "c:\\boot\\fonts\\segoe_slboot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.413] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324 [0084.414] GetFileSizeEx (in: hFile=0x324, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=49091) returned 1 [0084.414] CloseHandle (hObject=0x324) returned 1 [0084.414] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf")) returned 0x20 [0084.414] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf")) returned 0x20 [0084.414] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.414] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.414] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-CA\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-ca\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324 [0084.414] GetFileSizeEx (in: hFile=0x324, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=79200) returned 1 [0084.414] CloseHandle (hObject=0x324) returned 1 [0084.414] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fr-CA\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-ca\\bootmgr.exe.mui")) returned 0x20 [0084.414] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fr-CA\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-ca\\bootmgr.exe.mui")) returned 0x20 [0084.415] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fr-CA\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fr-ca\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.415] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-CA\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-ca\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.415] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324 [0084.415] GetFileSizeEx (in: hFile=0x324, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=79192) returned 1 [0084.415] CloseHandle (hObject=0x324) returned 1 [0084.415] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui")) returned 0x20 [0084.415] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui")) returned 0x20 [0084.415] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.415] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.415] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\memtest.exe.mui" (normalized: "c:\\boot\\fr-fr\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324 [0084.416] GetFileSizeEx (in: hFile=0x324, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=45984) returned 1 [0084.416] CloseHandle (hObject=0x324) returned 1 [0084.416] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\memtest.exe.mui" (normalized: "c:\\boot\\fr-fr\\memtest.exe.mui")) returned 0x20 [0084.416] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\memtest.exe.mui" (normalized: "c:\\boot\\fr-fr\\memtest.exe.mui")) returned 0x20 [0084.416] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\fr-fr\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.416] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\memtest.exe.mui" (normalized: "c:\\boot\\fr-fr\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.416] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hr-HR\\bootmgr.exe.mui" (normalized: "c:\\boot\\hr-hr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324 [0084.416] GetFileSizeEx (in: hFile=0x324, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=76640) returned 1 [0084.416] CloseHandle (hObject=0x324) returned 1 [0084.532] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\hr-HR\\bootmgr.exe.mui" (normalized: "c:\\boot\\hr-hr\\bootmgr.exe.mui")) returned 0x20 [0084.532] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\hr-HR\\bootmgr.exe.mui" (normalized: "c:\\boot\\hr-hr\\bootmgr.exe.mui")) returned 0x20 [0084.533] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\hr-HR\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\hr-hr\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.533] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hr-HR\\bootmgr.exe.mui" (normalized: "c:\\boot\\hr-hr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.533] SetEvent (hEvent=0x28c) returned 1 [0084.533] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0084.534] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=78688) returned 1 [0084.534] CloseHandle (hObject=0x2bc) returned 1 [0084.534] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui")) returned 0x20 [0084.534] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui")) returned 0x20 [0084.534] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.534] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.534] SetEvent (hEvent=0x28c) returned 1 [0084.534] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\memtest.exe.mui" (normalized: "c:\\boot\\hu-hu\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0084.535] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=45976) returned 1 [0084.535] CloseHandle (hObject=0x2bc) returned 1 [0084.535] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\memtest.exe.mui" (normalized: "c:\\boot\\hu-hu\\memtest.exe.mui")) returned 0x20 [0084.535] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\memtest.exe.mui" (normalized: "c:\\boot\\hu-hu\\memtest.exe.mui")) returned 0x20 [0084.535] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\hu-hu\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.535] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\memtest.exe.mui" (normalized: "c:\\boot\\hu-hu\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.535] SetEvent (hEvent=0x28c) returned 1 [0084.535] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0084.536] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=77144) returned 1 [0084.536] CloseHandle (hObject=0x2bc) returned 1 [0084.536] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui")) returned 0x20 [0084.536] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui")) returned 0x20 [0084.536] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.536] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.536] SetEvent (hEvent=0x28c) returned 1 [0084.537] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\memtest.exe.mui" (normalized: "c:\\boot\\it-it\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324 [0084.537] GetFileSizeEx (in: hFile=0x324, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=45472) returned 1 [0084.537] CloseHandle (hObject=0x324) returned 1 [0084.537] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\memtest.exe.mui" (normalized: "c:\\boot\\it-it\\memtest.exe.mui")) returned 0x20 [0084.537] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\memtest.exe.mui" (normalized: "c:\\boot\\it-it\\memtest.exe.mui")) returned 0x20 [0084.537] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\it-it\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.537] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\memtest.exe.mui" (normalized: "c:\\boot\\it-it\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.537] SetEvent (hEvent=0x28c) returned 1 [0084.538] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324 [0084.538] GetFileSizeEx (in: hFile=0x324, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=67424) returned 1 [0084.538] CloseHandle (hObject=0x324) returned 1 [0084.538] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui")) returned 0x20 [0084.538] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui")) returned 0x20 [0084.538] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.538] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.538] SetEvent (hEvent=0x28c) returned 1 [0084.539] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\memtest.exe.mui" (normalized: "c:\\boot\\ja-jp\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324 [0084.539] GetFileSizeEx (in: hFile=0x324, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=42904) returned 1 [0084.540] CloseHandle (hObject=0x324) returned 1 [0084.540] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\memtest.exe.mui" (normalized: "c:\\boot\\ja-jp\\memtest.exe.mui")) returned 0x20 [0084.540] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\memtest.exe.mui" (normalized: "c:\\boot\\ja-jp\\memtest.exe.mui")) returned 0x20 [0084.540] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\ja-jp\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.540] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\memtest.exe.mui" (normalized: "c:\\boot\\ja-jp\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.540] SetEvent (hEvent=0x28c) returned 1 [0084.541] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0084.541] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=66912) returned 1 [0084.541] CloseHandle (hObject=0x2bc) returned 1 [0084.541] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui")) returned 0x20 [0084.541] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui")) returned 0x20 [0084.541] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.541] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.541] SetEvent (hEvent=0x28c) returned 1 [0084.542] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\memtest.exe.mui" (normalized: "c:\\boot\\ko-kr\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0084.542] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=42912) returned 1 [0084.542] CloseHandle (hObject=0x2bc) returned 1 [0084.542] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\memtest.exe.mui" (normalized: "c:\\boot\\ko-kr\\memtest.exe.mui")) returned 0x20 [0084.542] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\memtest.exe.mui" (normalized: "c:\\boot\\ko-kr\\memtest.exe.mui")) returned 0x20 [0084.542] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\ko-kr\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.542] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\memtest.exe.mui" (normalized: "c:\\boot\\ko-kr\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.542] SetEvent (hEvent=0x28c) returned 1 [0084.544] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\lt-LT\\bootmgr.exe.mui" (normalized: "c:\\boot\\lt-lt\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0084.544] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=75616) returned 1 [0084.544] CloseHandle (hObject=0x2bc) returned 1 [0084.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\lt-LT\\bootmgr.exe.mui" (normalized: "c:\\boot\\lt-lt\\bootmgr.exe.mui")) returned 0x20 [0084.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\lt-LT\\bootmgr.exe.mui" (normalized: "c:\\boot\\lt-lt\\bootmgr.exe.mui")) returned 0x20 [0084.544] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\lt-LT\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\lt-lt\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.544] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\lt-LT\\bootmgr.exe.mui" (normalized: "c:\\boot\\lt-lt\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.545] SetEvent (hEvent=0x28c) returned 1 [0084.546] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\lv-LV\\bootmgr.exe.mui" (normalized: "c:\\boot\\lv-lv\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.546] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=75608) returned 1 [0084.546] CloseHandle (hObject=0x328) returned 1 [0084.546] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\lv-LV\\bootmgr.exe.mui" (normalized: "c:\\boot\\lv-lv\\bootmgr.exe.mui")) returned 0x20 [0084.547] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\lv-LV\\bootmgr.exe.mui" (normalized: "c:\\boot\\lv-lv\\bootmgr.exe.mui")) returned 0x20 [0084.547] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\lv-LV\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\lv-lv\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.547] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\lv-LV\\bootmgr.exe.mui" (normalized: "c:\\boot\\lv-lv\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.547] SetEvent (hEvent=0x28c) returned 1 [0084.547] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.547] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=811936) returned 1 [0084.547] CloseHandle (hObject=0x328) returned 1 [0084.547] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe")) returned 0x20 [0084.547] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe")) returned 0x20 [0084.548] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\memtest.exe.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.548] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.548] SetEvent (hEvent=0x28c) returned 1 [0084.548] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.548] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=75616) returned 1 [0084.548] CloseHandle (hObject=0x328) returned 1 [0084.549] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui")) returned 0x20 [0084.549] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui")) returned 0x20 [0084.549] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.549] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.549] SetEvent (hEvent=0x28c) returned 1 [0084.549] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\memtest.exe.mui" (normalized: "c:\\boot\\nb-no\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.549] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=45472) returned 1 [0084.549] CloseHandle (hObject=0x328) returned 1 [0084.550] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\memtest.exe.mui" (normalized: "c:\\boot\\nb-no\\memtest.exe.mui")) returned 0x20 [0084.550] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\memtest.exe.mui" (normalized: "c:\\boot\\nb-no\\memtest.exe.mui")) returned 0x20 [0084.550] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\nb-no\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.550] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\memtest.exe.mui" (normalized: "c:\\boot\\nb-no\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.550] SetEvent (hEvent=0x28c) returned 1 [0084.550] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.550] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=78176) returned 1 [0084.550] CloseHandle (hObject=0x328) returned 1 [0084.550] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui")) returned 0x20 [0084.551] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui")) returned 0x20 [0084.551] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.551] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.551] SetEvent (hEvent=0x28c) returned 1 [0084.551] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\memtest.exe.mui" (normalized: "c:\\boot\\nl-nl\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.551] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=45472) returned 1 [0084.551] CloseHandle (hObject=0x328) returned 1 [0084.552] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\memtest.exe.mui" (normalized: "c:\\boot\\nl-nl\\memtest.exe.mui")) returned 0x20 [0084.552] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\memtest.exe.mui" (normalized: "c:\\boot\\nl-nl\\memtest.exe.mui")) returned 0x20 [0084.552] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\nl-nl\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.552] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\memtest.exe.mui" (normalized: "c:\\boot\\nl-nl\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.552] SetEvent (hEvent=0x28c) returned 1 [0084.553] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.553] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=77656) returned 1 [0084.553] CloseHandle (hObject=0x328) returned 1 [0084.553] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui")) returned 0x20 [0084.553] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui")) returned 0x20 [0084.553] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.553] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.553] SetEvent (hEvent=0x28c) returned 1 [0084.554] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\memtest.exe.mui" (normalized: "c:\\boot\\pl-pl\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.554] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=45984) returned 1 [0084.554] CloseHandle (hObject=0x328) returned 1 [0084.554] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\memtest.exe.mui" (normalized: "c:\\boot\\pl-pl\\memtest.exe.mui")) returned 0x20 [0084.554] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\memtest.exe.mui" (normalized: "c:\\boot\\pl-pl\\memtest.exe.mui")) returned 0x20 [0084.554] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\pl-pl\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.554] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\memtest.exe.mui" (normalized: "c:\\boot\\pl-pl\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.554] SetEvent (hEvent=0x28c) returned 1 [0084.556] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.556] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=76640) returned 1 [0084.556] CloseHandle (hObject=0x314) returned 1 [0084.556] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui")) returned 0x20 [0084.556] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui")) returned 0x20 [0084.556] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.556] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.556] SetEvent (hEvent=0x28c) returned 1 [0084.557] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\memtest.exe.mui" (normalized: "c:\\boot\\pt-br\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.557] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=45472) returned 1 [0084.557] CloseHandle (hObject=0x314) returned 1 [0084.557] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\memtest.exe.mui" (normalized: "c:\\boot\\pt-br\\memtest.exe.mui")) returned 0x20 [0084.557] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\memtest.exe.mui" (normalized: "c:\\boot\\pt-br\\memtest.exe.mui")) returned 0x20 [0084.557] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\pt-br\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.557] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\memtest.exe.mui" (normalized: "c:\\boot\\pt-br\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.557] SetEvent (hEvent=0x28c) returned 1 [0084.558] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.558] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=76640) returned 1 [0084.558] CloseHandle (hObject=0x314) returned 1 [0084.558] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui")) returned 0x20 [0084.558] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui")) returned 0x20 [0084.558] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.558] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.558] SetEvent (hEvent=0x28c) returned 1 [0084.559] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\memtest.exe.mui" (normalized: "c:\\boot\\pt-pt\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.559] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=45984) returned 1 [0084.559] CloseHandle (hObject=0x314) returned 1 [0084.559] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\memtest.exe.mui" (normalized: "c:\\boot\\pt-pt\\memtest.exe.mui")) returned 0x20 [0084.559] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\memtest.exe.mui" (normalized: "c:\\boot\\pt-pt\\memtest.exe.mui")) returned 0x20 [0084.559] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\pt-pt\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.559] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\memtest.exe.mui" (normalized: "c:\\boot\\pt-pt\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.559] SetEvent (hEvent=0x28c) returned 1 [0084.560] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\qps-ploc\\bootmgr.exe.mui" (normalized: "c:\\boot\\qps-ploc\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.560] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=74080) returned 1 [0084.560] CloseHandle (hObject=0x328) returned 1 [0084.560] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\qps-ploc\\bootmgr.exe.mui" (normalized: "c:\\boot\\qps-ploc\\bootmgr.exe.mui")) returned 0x20 [0084.560] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\qps-ploc\\bootmgr.exe.mui" (normalized: "c:\\boot\\qps-ploc\\bootmgr.exe.mui")) returned 0x20 [0084.560] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\qps-ploc\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\qps-ploc\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.561] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\qps-ploc\\bootmgr.exe.mui" (normalized: "c:\\boot\\qps-ploc\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.561] SetEvent (hEvent=0x28c) returned 1 [0084.561] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\qps-ploc\\memtest.exe.mui" (normalized: "c:\\boot\\qps-ploc\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.561] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=54168) returned 1 [0084.561] CloseHandle (hObject=0x328) returned 1 [0084.561] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\qps-ploc\\memtest.exe.mui" (normalized: "c:\\boot\\qps-ploc\\memtest.exe.mui")) returned 0x20 [0084.561] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\qps-ploc\\memtest.exe.mui" (normalized: "c:\\boot\\qps-ploc\\memtest.exe.mui")) returned 0x20 [0084.561] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\qps-ploc\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\qps-ploc\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.561] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\qps-ploc\\memtest.exe.mui" (normalized: "c:\\boot\\qps-ploc\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.562] SetEvent (hEvent=0x28c) returned 1 [0084.562] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Resources\\bootres.dll" (normalized: "c:\\boot\\resources\\bootres.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.562] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=92576) returned 1 [0084.562] CloseHandle (hObject=0x328) returned 1 [0084.562] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Resources\\bootres.dll" (normalized: "c:\\boot\\resources\\bootres.dll")) returned 0x20 [0084.562] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Resources\\bootres.dll" (normalized: "c:\\boot\\resources\\bootres.dll")) returned 0x20 [0084.562] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Resources\\bootres.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\resources\\bootres.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.563] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Resources\\bootres.dll" (normalized: "c:\\boot\\resources\\bootres.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.563] SetEvent (hEvent=0x28c) returned 1 [0084.563] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Resources\\en-US\\bootres.dll.mui" (normalized: "c:\\boot\\resources\\en-us\\bootres.dll.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.563] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=12192) returned 1 [0084.563] CloseHandle (hObject=0x328) returned 1 [0084.563] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Resources\\en-US\\bootres.dll.mui" (normalized: "c:\\boot\\resources\\en-us\\bootres.dll.mui")) returned 0x20 [0084.564] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Resources\\en-US\\bootres.dll.mui" (normalized: "c:\\boot\\resources\\en-us\\bootres.dll.mui")) returned 0x20 [0084.564] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Resources\\en-US\\bootres.dll.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\resources\\en-us\\bootres.dll.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.564] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Resources\\en-US\\bootres.dll.mui" (normalized: "c:\\boot\\resources\\en-us\\bootres.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.564] SetEvent (hEvent=0x28c) returned 1 [0084.564] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ro-RO\\bootmgr.exe.mui" (normalized: "c:\\boot\\ro-ro\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.564] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=76128) returned 1 [0084.564] CloseHandle (hObject=0x328) returned 1 [0084.564] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ro-RO\\bootmgr.exe.mui" (normalized: "c:\\boot\\ro-ro\\bootmgr.exe.mui")) returned 0x20 [0084.565] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ro-RO\\bootmgr.exe.mui" (normalized: "c:\\boot\\ro-ro\\bootmgr.exe.mui")) returned 0x20 [0084.565] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ro-RO\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\ro-ro\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.565] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ro-RO\\bootmgr.exe.mui" (normalized: "c:\\boot\\ro-ro\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.565] SetEvent (hEvent=0x28c) returned 1 [0084.565] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.565] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=77152) returned 1 [0084.565] CloseHandle (hObject=0x328) returned 1 [0084.566] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui")) returned 0x20 [0084.566] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui")) returned 0x20 [0084.566] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.566] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.566] SetEvent (hEvent=0x28c) returned 1 [0084.566] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\memtest.exe.mui" (normalized: "c:\\boot\\ru-ru\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.566] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=44960) returned 1 [0084.566] CloseHandle (hObject=0x328) returned 1 [0084.567] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\memtest.exe.mui" (normalized: "c:\\boot\\ru-ru\\memtest.exe.mui")) returned 0x20 [0084.567] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\memtest.exe.mui" (normalized: "c:\\boot\\ru-ru\\memtest.exe.mui")) returned 0x20 [0084.567] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\ru-ru\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.567] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\memtest.exe.mui" (normalized: "c:\\boot\\ru-ru\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.567] SetEvent (hEvent=0x28c) returned 1 [0084.567] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sk-SK\\bootmgr.exe.mui" (normalized: "c:\\boot\\sk-sk\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.568] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=77144) returned 1 [0084.568] CloseHandle (hObject=0x328) returned 1 [0084.568] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sk-SK\\bootmgr.exe.mui" (normalized: "c:\\boot\\sk-sk\\bootmgr.exe.mui")) returned 0x20 [0084.568] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sk-SK\\bootmgr.exe.mui" (normalized: "c:\\boot\\sk-sk\\bootmgr.exe.mui")) returned 0x20 [0084.568] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sk-SK\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\sk-sk\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.568] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sk-SK\\bootmgr.exe.mui" (normalized: "c:\\boot\\sk-sk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.568] SetEvent (hEvent=0x28c) returned 1 [0084.568] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sl-SI\\bootmgr.exe.mui" (normalized: "c:\\boot\\sl-si\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.569] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=76640) returned 1 [0084.569] CloseHandle (hObject=0x328) returned 1 [0084.569] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sl-SI\\bootmgr.exe.mui" (normalized: "c:\\boot\\sl-si\\bootmgr.exe.mui")) returned 0x20 [0084.569] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sl-SI\\bootmgr.exe.mui" (normalized: "c:\\boot\\sl-si\\bootmgr.exe.mui")) returned 0x20 [0084.569] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sl-SI\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\sl-si\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.569] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sl-SI\\bootmgr.exe.mui" (normalized: "c:\\boot\\sl-si\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.569] SetEvent (hEvent=0x28c) returned 1 [0084.570] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sr-Latn-CS\\bootmgr.exe.mui" (normalized: "c:\\boot\\sr-latn-cs\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.570] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=77152) returned 1 [0084.570] CloseHandle (hObject=0x328) returned 1 [0084.570] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sr-Latn-CS\\bootmgr.exe.mui" (normalized: "c:\\boot\\sr-latn-cs\\bootmgr.exe.mui")) returned 0x20 [0084.570] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sr-Latn-CS\\bootmgr.exe.mui" (normalized: "c:\\boot\\sr-latn-cs\\bootmgr.exe.mui")) returned 0x20 [0084.570] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sr-Latn-CS\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\sr-latn-cs\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.570] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sr-Latn-CS\\bootmgr.exe.mui" (normalized: "c:\\boot\\sr-latn-cs\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.570] SetEvent (hEvent=0x28c) returned 1 [0084.571] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sr-Latn-CS\\memtest.exe.mui" (normalized: "c:\\boot\\sr-latn-cs\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.571] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=44888) returned 1 [0084.571] CloseHandle (hObject=0x328) returned 1 [0084.571] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sr-Latn-CS\\memtest.exe.mui" (normalized: "c:\\boot\\sr-latn-cs\\memtest.exe.mui")) returned 0x20 [0084.571] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sr-Latn-CS\\memtest.exe.mui" (normalized: "c:\\boot\\sr-latn-cs\\memtest.exe.mui")) returned 0x20 [0084.571] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sr-Latn-CS\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\sr-latn-cs\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.571] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sr-Latn-CS\\memtest.exe.mui" (normalized: "c:\\boot\\sr-latn-cs\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.571] SetEvent (hEvent=0x28c) returned 1 [0084.572] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sr-Latn-RS\\bootmgr.exe.mui" (normalized: "c:\\boot\\sr-latn-rs\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.572] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=77152) returned 1 [0084.572] CloseHandle (hObject=0x328) returned 1 [0084.572] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sr-Latn-RS\\bootmgr.exe.mui" (normalized: "c:\\boot\\sr-latn-rs\\bootmgr.exe.mui")) returned 0x20 [0084.572] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sr-Latn-RS\\bootmgr.exe.mui" (normalized: "c:\\boot\\sr-latn-rs\\bootmgr.exe.mui")) returned 0x20 [0084.572] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sr-Latn-RS\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\sr-latn-rs\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.572] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sr-Latn-RS\\bootmgr.exe.mui" (normalized: "c:\\boot\\sr-latn-rs\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.572] SetEvent (hEvent=0x28c) returned 1 [0084.573] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.573] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=76128) returned 1 [0084.573] CloseHandle (hObject=0x328) returned 1 [0084.573] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui")) returned 0x20 [0084.573] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui")) returned 0x20 [0084.573] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.573] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.573] SetEvent (hEvent=0x28c) returned 1 [0084.574] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\memtest.exe.mui" (normalized: "c:\\boot\\sv-se\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.574] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=44952) returned 1 [0084.574] CloseHandle (hObject=0x328) returned 1 [0084.574] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\memtest.exe.mui" (normalized: "c:\\boot\\sv-se\\memtest.exe.mui")) returned 0x20 [0084.574] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\memtest.exe.mui" (normalized: "c:\\boot\\sv-se\\memtest.exe.mui")) returned 0x20 [0084.574] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\sv-se\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.574] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\memtest.exe.mui" (normalized: "c:\\boot\\sv-se\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.574] SetEvent (hEvent=0x28c) returned 1 [0084.575] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.575] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=75096) returned 1 [0084.575] CloseHandle (hObject=0x328) returned 1 [0084.575] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui")) returned 0x20 [0084.575] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui")) returned 0x20 [0084.575] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.575] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.576] SetEvent (hEvent=0x28c) returned 1 [0084.576] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\memtest.exe.mui" (normalized: "c:\\boot\\tr-tr\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.576] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=45472) returned 1 [0084.576] CloseHandle (hObject=0x328) returned 1 [0084.576] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\memtest.exe.mui" (normalized: "c:\\boot\\tr-tr\\memtest.exe.mui")) returned 0x20 [0084.576] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\memtest.exe.mui" (normalized: "c:\\boot\\tr-tr\\memtest.exe.mui")) returned 0x20 [0084.576] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\tr-tr\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.576] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\memtest.exe.mui" (normalized: "c:\\boot\\tr-tr\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.576] SetEvent (hEvent=0x28c) returned 1 [0084.577] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\uk-UA\\bootmgr.exe.mui" (normalized: "c:\\boot\\uk-ua\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.577] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=77152) returned 1 [0084.577] CloseHandle (hObject=0x328) returned 1 [0084.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\uk-UA\\bootmgr.exe.mui" (normalized: "c:\\boot\\uk-ua\\bootmgr.exe.mui")) returned 0x20 [0084.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\uk-UA\\bootmgr.exe.mui" (normalized: "c:\\boot\\uk-ua\\bootmgr.exe.mui")) returned 0x20 [0084.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\uk-UA\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\uk-ua\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.578] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\uk-UA\\bootmgr.exe.mui" (normalized: "c:\\boot\\uk-ua\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.578] SetEvent (hEvent=0x28c) returned 1 [0084.578] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\updaterevokesipolicy.p7b" (normalized: "c:\\boot\\updaterevokesipolicy.p7b"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.579] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=4662) returned 1 [0084.579] CloseHandle (hObject=0x328) returned 1 [0084.579] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\updaterevokesipolicy.p7b" (normalized: "c:\\boot\\updaterevokesipolicy.p7b")) returned 0x20 [0084.579] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\updaterevokesipolicy.p7b" (normalized: "c:\\boot\\updaterevokesipolicy.p7b")) returned 0x20 [0084.579] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\updaterevokesipolicy.p7b.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\updaterevokesipolicy.p7b.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.579] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\updaterevokesipolicy.p7b" (normalized: "c:\\boot\\updaterevokesipolicy.p7b"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.579] SetEvent (hEvent=0x28c) returned 1 [0084.579] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.579] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=63840) returned 1 [0084.579] CloseHandle (hObject=0x328) returned 1 [0084.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui")) returned 0x20 [0084.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui")) returned 0x20 [0084.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.580] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.580] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\memtest.exe.mui" (normalized: "c:\\boot\\zh-cn\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.580] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=42400) returned 1 [0084.580] CloseHandle (hObject=0x328) returned 1 [0084.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\memtest.exe.mui" (normalized: "c:\\boot\\zh-cn\\memtest.exe.mui")) returned 0x20 [0084.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\memtest.exe.mui" (normalized: "c:\\boot\\zh-cn\\memtest.exe.mui")) returned 0x20 [0084.580] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\zh-cn\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.580] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\memtest.exe.mui" (normalized: "c:\\boot\\zh-cn\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.581] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.581] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=63832) returned 1 [0084.581] CloseHandle (hObject=0x328) returned 1 [0084.581] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui")) returned 0x20 [0084.581] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui")) returned 0x20 [0084.581] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.581] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.581] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\memtest.exe.mui" (normalized: "c:\\boot\\zh-hk\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.581] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=42328) returned 1 [0084.581] CloseHandle (hObject=0x328) returned 1 [0084.581] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\memtest.exe.mui" (normalized: "c:\\boot\\zh-hk\\memtest.exe.mui")) returned 0x20 [0084.582] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\memtest.exe.mui" (normalized: "c:\\boot\\zh-hk\\memtest.exe.mui")) returned 0x20 [0084.582] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\zh-hk\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.582] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\memtest.exe.mui" (normalized: "c:\\boot\\zh-hk\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.582] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.582] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=63840) returned 1 [0084.582] CloseHandle (hObject=0x328) returned 1 [0084.582] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui")) returned 0x20 [0084.582] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui")) returned 0x20 [0084.582] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.582] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.583] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\memtest.exe.mui" (normalized: "c:\\boot\\zh-tw\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.583] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=42392) returned 1 [0084.583] CloseHandle (hObject=0x328) returned 1 [0084.583] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\memtest.exe.mui" (normalized: "c:\\boot\\zh-tw\\memtest.exe.mui")) returned 0x20 [0084.583] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\memtest.exe.mui" (normalized: "c:\\boot\\zh-tw\\memtest.exe.mui")) returned 0x20 [0084.583] GetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\memtest.exe.mui.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\boot\\zh-tw\\memtest.exe.mui.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.756] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\memtest.exe.mui" (normalized: "c:\\boot\\zh-tw\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.762] SetEvent (hEvent=0x28c) returned 1 [0084.763] CreateFileW (lpFileName="\\\\?\\C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.763] SetEvent (hEvent=0x28c) returned 1 [0084.763] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Application.evtx" (normalized: "c:\\logs\\application.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.767] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0084.767] CloseHandle (hObject=0x314) returned 1 [0084.767] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Application.evtx" (normalized: "c:\\logs\\application.evtx")) returned 0x20 [0084.767] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Application.evtx" (normalized: "c:\\logs\\application.evtx")) returned 0x20 [0084.767] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Application.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\application.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.767] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Application.evtx" (normalized: "c:\\logs\\application.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0084.768] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0084.768] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0084.768] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Application.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\application.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x310 [0084.768] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0084.770] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0084.772] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x102, lpOverlapped=0x0) returned 1 [0084.772] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0084.772] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0084.772] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0084.773] FlushFileBuffers (hFile=0x314) returned 1 [0085.041] FlushFileBuffers (hFile=0x310) returned 1 [0085.043] CloseHandle (hObject=0x314) returned 1 [0085.044] CloseHandle (hObject=0x310) returned 1 [0085.044] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Application.evtx" (normalized: "c:\\logs\\application.evtx")) returned 1 [0085.045] SetEvent (hEvent=0x28c) returned 1 [0085.045] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Key Management Service.evtx" (normalized: "c:\\logs\\key management service.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0085.045] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0085.045] CloseHandle (hObject=0x310) returned 1 [0085.046] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Key Management Service.evtx" (normalized: "c:\\logs\\key management service.evtx")) returned 0x20 [0085.046] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Key Management Service.evtx" (normalized: "c:\\logs\\key management service.evtx")) returned 0x20 [0085.046] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Key Management Service.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\key management service.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.046] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Key Management Service.evtx" (normalized: "c:\\logs\\key management service.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0085.046] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.046] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.046] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Key Management Service.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\key management service.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x314 [0085.046] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0085.049] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0085.051] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x112, lpOverlapped=0x0) returned 1 [0085.051] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.051] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.051] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0085.052] FlushFileBuffers (hFile=0x310) returned 1 [0085.103] FlushFileBuffers (hFile=0x314) returned 1 [0085.113] CloseHandle (hObject=0x310) returned 1 [0085.113] CloseHandle (hObject=0x314) returned 1 [0085.113] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Key Management Service.evtx" (normalized: "c:\\logs\\key management service.evtx")) returned 1 [0085.115] SetEvent (hEvent=0x28c) returned 1 [0085.115] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0085.118] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0085.118] CloseHandle (hObject=0x314) returned 1 [0085.118] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx")) returned 0x20 [0085.118] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx")) returned 0x20 [0085.118] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.118] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0085.118] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.118] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.118] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x310 [0085.119] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0085.121] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0085.123] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x172, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x172, lpOverlapped=0x0) returned 1 [0085.123] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.123] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.123] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0085.124] FlushFileBuffers (hFile=0x314) returned 1 [0085.132] FlushFileBuffers (hFile=0x310) returned 1 [0085.178] CloseHandle (hObject=0x314) returned 1 [0085.178] CloseHandle (hObject=0x310) returned 1 [0085.178] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx" (normalized: "c:\\logs\\microsoft-windows-application-experience%4program-compatibility-assistant.evtx")) returned 1 [0085.180] SetEvent (hEvent=0x28c) returned 1 [0085.180] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0085.180] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0085.180] CloseHandle (hObject=0x310) returned 1 [0085.180] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx")) returned 0x20 [0085.180] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx")) returned 0x20 [0085.180] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.180] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0085.180] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.181] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.181] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x314 [0085.181] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0085.183] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0085.185] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x132, lpOverlapped=0x0) returned 1 [0085.185] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.186] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.186] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0085.186] FlushFileBuffers (hFile=0x310) returned 1 [0085.500] FlushFileBuffers (hFile=0x314) returned 1 [0085.503] CloseHandle (hObject=0x310) returned 1 [0085.503] CloseHandle (hObject=0x314) returned 1 [0085.504] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4exe and dll.evtx")) returned 1 [0085.505] SetEvent (hEvent=0x28c) returned 1 [0085.505] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0085.505] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0085.505] CloseHandle (hObject=0x314) returned 1 [0085.505] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx")) returned 0x20 [0085.506] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx")) returned 0x20 [0085.506] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.506] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0085.506] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.506] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.506] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x310 [0085.506] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0085.509] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0085.511] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x142, lpOverlapped=0x0) returned 1 [0085.511] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.511] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.511] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0085.511] FlushFileBuffers (hFile=0x314) returned 1 [0085.519] FlushFileBuffers (hFile=0x310) returned 1 [0085.521] CloseHandle (hObject=0x314) returned 1 [0085.521] CloseHandle (hObject=0x310) returned 1 [0085.521] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4MSI and Script.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4msi and script.evtx")) returned 1 [0085.522] SetEvent (hEvent=0x28c) returned 1 [0085.523] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0085.523] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0085.523] CloseHandle (hObject=0x310) returned 1 [0085.523] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx")) returned 0x20 [0085.523] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx")) returned 0x20 [0085.523] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.523] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0085.523] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.523] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.523] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x314 [0085.524] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0085.526] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0085.528] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x152, lpOverlapped=0x0) returned 1 [0085.528] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.528] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.528] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0085.528] FlushFileBuffers (hFile=0x310) returned 1 [0085.531] FlushFileBuffers (hFile=0x314) returned 1 [0085.544] CloseHandle (hObject=0x310) returned 1 [0085.544] CloseHandle (hObject=0x314) returned 1 [0085.544] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-deployment.evtx")) returned 1 [0085.545] SetEvent (hEvent=0x28c) returned 1 [0085.545] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0085.546] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0085.546] CloseHandle (hObject=0x314) returned 1 [0085.546] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx")) returned 0x20 [0085.546] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx")) returned 0x20 [0085.546] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.546] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0085.546] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.546] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.546] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x310 [0085.546] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0085.549] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0085.551] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x152, lpOverlapped=0x0) returned 1 [0085.551] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.551] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.551] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0085.551] FlushFileBuffers (hFile=0x314) returned 1 [0085.569] FlushFileBuffers (hFile=0x310) returned 1 [0085.575] CloseHandle (hObject=0x314) returned 1 [0085.575] CloseHandle (hObject=0x310) returned 1 [0085.575] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx" (normalized: "c:\\logs\\microsoft-windows-applocker%4packaged app-execution.evtx")) returned 1 [0085.577] SetEvent (hEvent=0x28c) returned 1 [0085.577] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0085.577] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0085.577] CloseHandle (hObject=0x310) returned 1 [0085.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx")) returned 0x20 [0085.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx")) returned 0x20 [0085.577] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.578] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0085.578] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.578] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.578] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x314 [0085.578] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0085.580] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0085.582] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x132, lpOverlapped=0x0) returned 1 [0085.582] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.582] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.583] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0085.583] FlushFileBuffers (hFile=0x310) returned 1 [0085.585] FlushFileBuffers (hFile=0x314) returned 1 [0085.594] CloseHandle (hObject=0x310) returned 1 [0085.595] CloseHandle (hObject=0x314) returned 1 [0085.595] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4admin.evtx")) returned 1 [0085.597] SetEvent (hEvent=0x28c) returned 1 [0085.597] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0085.597] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0085.597] CloseHandle (hObject=0x314) returned 1 [0085.597] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx")) returned 0x20 [0085.597] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx")) returned 0x20 [0085.597] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.597] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0085.598] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.598] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.598] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x310 [0085.631] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0085.633] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0085.635] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x142, lpOverlapped=0x0) returned 1 [0085.635] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.635] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.635] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0085.635] FlushFileBuffers (hFile=0x314) returned 1 [0085.852] FlushFileBuffers (hFile=0x310) returned 1 [0085.854] CloseHandle (hObject=0x314) returned 1 [0085.854] CloseHandle (hObject=0x310) returned 1 [0085.854] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeployment%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeployment%4operational.evtx")) returned 1 [0085.855] SetEvent (hEvent=0x28c) returned 1 [0085.855] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0085.856] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0085.856] CloseHandle (hObject=0x310) returned 1 [0085.856] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx")) returned 0x20 [0085.857] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx")) returned 0x20 [0085.857] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.857] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0085.857] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.857] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.857] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x314 [0085.857] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0085.859] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0085.861] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x142, lpOverlapped=0x0) returned 1 [0085.861] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.861] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.861] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0085.861] FlushFileBuffers (hFile=0x310) returned 1 [0085.863] FlushFileBuffers (hFile=0x314) returned 1 [0085.865] CloseHandle (hObject=0x310) returned 1 [0085.865] CloseHandle (hObject=0x314) returned 1 [0085.866] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4restricted.evtx")) returned 1 [0085.867] SetEvent (hEvent=0x28c) returned 1 [0085.867] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0085.868] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0085.868] CloseHandle (hObject=0x314) returned 1 [0085.868] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx")) returned 0x20 [0085.868] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx")) returned 0x20 [0085.868] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.868] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0085.868] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.868] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.868] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x310 [0085.868] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0085.871] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0085.872] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x142, lpOverlapped=0x0) returned 1 [0085.873] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.873] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.873] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0085.873] FlushFileBuffers (hFile=0x314) returned 1 [0085.876] FlushFileBuffers (hFile=0x310) returned 1 [0085.895] CloseHandle (hObject=0x314) returned 1 [0085.895] CloseHandle (hObject=0x310) returned 1 [0085.895] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppxPackaging%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxpackaging%4operational.evtx")) returned 1 [0085.897] SetEvent (hEvent=0x28c) returned 1 [0085.897] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0085.898] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0085.898] CloseHandle (hObject=0x310) returned 1 [0085.898] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx")) returned 0x20 [0085.898] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx")) returned 0x20 [0085.898] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.899] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0085.899] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.899] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.899] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x314 [0085.899] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0085.901] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0085.903] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x162, lpOverlapped=0x0) returned 1 [0085.903] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.903] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.903] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0085.903] FlushFileBuffers (hFile=0x310) returned 1 [0085.905] FlushFileBuffers (hFile=0x314) returned 1 [0085.907] CloseHandle (hObject=0x310) returned 1 [0085.907] CloseHandle (hObject=0x314) returned 1 [0085.907] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-backgroundtaskinfrastructure%4operational.evtx")) returned 1 [0085.908] SetEvent (hEvent=0x28c) returned 1 [0085.908] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0085.909] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0085.909] CloseHandle (hObject=0x314) returned 1 [0085.909] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx")) returned 0x20 [0085.909] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx")) returned 0x20 [0085.909] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.909] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0085.909] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.909] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.909] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x310 [0085.911] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0085.914] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0085.916] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x132, lpOverlapped=0x0) returned 1 [0085.916] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.916] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.916] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0085.917] FlushFileBuffers (hFile=0x314) returned 1 [0085.919] FlushFileBuffers (hFile=0x310) returned 1 [0085.927] CloseHandle (hObject=0x314) returned 1 [0085.927] CloseHandle (hObject=0x310) returned 1 [0085.928] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Bits-Client%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-bits-client%4operational.evtx")) returned 1 [0085.929] SetEvent (hEvent=0x28c) returned 1 [0085.929] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0085.930] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0085.930] CloseHandle (hObject=0x310) returned 1 [0085.930] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx")) returned 0x20 [0085.930] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx")) returned 0x20 [0085.930] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.930] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0085.930] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.930] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.930] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x314 [0085.930] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0085.933] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0085.935] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x142, lpOverlapped=0x0) returned 1 [0085.935] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.935] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.935] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0085.935] FlushFileBuffers (hFile=0x310) returned 1 [0085.938] FlushFileBuffers (hFile=0x314) returned 1 [0085.939] CloseHandle (hObject=0x310) returned 1 [0085.939] CloseHandle (hObject=0x314) returned 1 [0085.939] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-codeintegrity%4operational.evtx")) returned 1 [0085.941] SetEvent (hEvent=0x28c) returned 1 [0085.941] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0085.941] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0085.941] CloseHandle (hObject=0x314) returned 1 [0085.941] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx")) returned 0x20 [0085.941] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx")) returned 0x20 [0085.941] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.941] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0085.941] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.941] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0085.941] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x310 [0085.942] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0085.945] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0085.946] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x152, lpOverlapped=0x0) returned 1 [0085.947] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.947] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0085.947] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0085.947] FlushFileBuffers (hFile=0x314) returned 1 [0086.119] FlushFileBuffers (hFile=0x310) returned 1 [0086.121] CloseHandle (hObject=0x314) returned 1 [0086.122] CloseHandle (hObject=0x310) returned 1 [0086.122] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-coresystem-smsrouter-events%4operational.evtx")) returned 1 [0086.124] SetEvent (hEvent=0x28c) returned 1 [0086.124] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0086.126] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0086.126] CloseHandle (hObject=0x310) returned 1 [0086.126] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx")) returned 0x20 [0086.126] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx")) returned 0x20 [0086.126] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.126] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0086.127] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.127] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.127] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x314 [0086.127] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0086.193] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0086.195] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x142, lpOverlapped=0x0) returned 1 [0086.196] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0086.196] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0086.196] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0086.196] FlushFileBuffers (hFile=0x310) returned 1 [0086.199] FlushFileBuffers (hFile=0x314) returned 1 [0086.200] CloseHandle (hObject=0x310) returned 1 [0086.200] CloseHandle (hObject=0x314) returned 1 [0086.201] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4operational.evtx")) returned 1 [0086.202] SetEvent (hEvent=0x28c) returned 1 [0086.202] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0086.202] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0086.202] CloseHandle (hObject=0x314) returned 1 [0086.202] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx")) returned 0x20 [0086.203] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx")) returned 0x20 [0086.203] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.203] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0086.203] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.203] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.203] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x310 [0086.203] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0086.206] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0086.207] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x142, lpOverlapped=0x0) returned 1 [0086.208] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0086.208] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0086.208] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0086.208] FlushFileBuffers (hFile=0x314) returned 1 [0086.211] FlushFileBuffers (hFile=0x310) returned 1 [0086.212] CloseHandle (hObject=0x314) returned 1 [0086.212] CloseHandle (hObject=0x310) returned 1 [0086.213] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4admin.evtx")) returned 1 [0086.214] SetEvent (hEvent=0x28c) returned 1 [0086.214] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0086.214] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0086.214] CloseHandle (hObject=0x310) returned 1 [0086.214] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx")) returned 0x20 [0086.214] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx")) returned 0x20 [0086.215] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.215] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0086.215] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.215] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.215] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x314 [0086.216] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0086.218] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0086.220] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x142, lpOverlapped=0x0) returned 1 [0086.220] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0086.220] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0086.220] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0086.220] FlushFileBuffers (hFile=0x310) returned 1 [0086.223] FlushFileBuffers (hFile=0x314) returned 1 [0086.234] CloseHandle (hObject=0x310) returned 1 [0086.235] CloseHandle (hObject=0x314) returned 1 [0086.235] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceSetupManager%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-devicesetupmanager%4operational.evtx")) returned 1 [0086.236] SetEvent (hEvent=0x28c) returned 1 [0086.236] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0086.237] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0086.237] CloseHandle (hObject=0x314) returned 1 [0086.237] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx")) returned 0x20 [0086.237] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx")) returned 0x20 [0086.237] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.237] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0086.237] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.237] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.237] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x310 [0086.237] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0086.240] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0086.242] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x132, lpOverlapped=0x0) returned 1 [0086.242] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0086.242] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0086.242] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0086.243] FlushFileBuffers (hFile=0x314) returned 1 [0086.253] FlushFileBuffers (hFile=0x310) returned 1 [0086.257] CloseHandle (hObject=0x314) returned 1 [0086.257] CloseHandle (hObject=0x310) returned 1 [0086.257] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcp-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcp-client%4admin.evtx")) returned 1 [0086.259] SetEvent (hEvent=0x28c) returned 1 [0086.259] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0086.259] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0086.259] CloseHandle (hObject=0x310) returned 1 [0086.259] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx")) returned 0x20 [0086.259] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx")) returned 0x20 [0086.259] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.259] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0086.259] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.259] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.260] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x314 [0086.260] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0086.263] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0086.265] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x132, lpOverlapped=0x0) returned 1 [0086.265] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0086.265] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0086.265] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0086.265] FlushFileBuffers (hFile=0x310) returned 1 [0086.269] FlushFileBuffers (hFile=0x314) returned 1 [0086.272] CloseHandle (hObject=0x310) returned 1 [0086.272] CloseHandle (hObject=0x314) returned 1 [0086.272] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-dhcpv6-client%4admin.evtx")) returned 1 [0086.273] SetEvent (hEvent=0x28c) returned 1 [0086.273] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0086.275] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0086.275] CloseHandle (hObject=0x314) returned 1 [0086.275] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx")) returned 0x20 [0086.275] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx")) returned 0x20 [0086.276] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.276] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0086.276] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.276] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.276] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x310 [0086.276] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0086.279] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0086.281] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x142, lpOverlapped=0x0) returned 1 [0086.281] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0086.281] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0086.281] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0086.281] FlushFileBuffers (hFile=0x314) returned 1 [0086.284] FlushFileBuffers (hFile=0x310) returned 1 [0086.287] CloseHandle (hObject=0x314) returned 1 [0086.287] CloseHandle (hObject=0x310) returned 1 [0086.287] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnosis-dps%4operational.evtx")) returned 1 [0086.288] SetEvent (hEvent=0x28c) returned 1 [0086.288] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0086.289] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0086.289] CloseHandle (hObject=0x310) returned 1 [0086.289] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx")) returned 0x20 [0086.289] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx")) returned 0x20 [0086.289] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.289] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0086.289] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.289] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.289] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x314 [0086.291] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0086.293] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0086.295] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x152, lpOverlapped=0x0) returned 1 [0086.295] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0086.295] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0086.296] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0086.296] FlushFileBuffers (hFile=0x310) returned 1 [0086.300] FlushFileBuffers (hFile=0x314) returned 1 [0086.301] CloseHandle (hObject=0x310) returned 1 [0086.301] CloseHandle (hObject=0x314) returned 1 [0086.303] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-diagnostics-performance%4operational.evtx")) returned 1 [0086.304] SetEvent (hEvent=0x28c) returned 1 [0086.304] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0086.305] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0086.305] CloseHandle (hObject=0x314) returned 1 [0086.305] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx")) returned 0x20 [0086.305] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx")) returned 0x20 [0086.305] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.305] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0086.305] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.305] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.305] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x310 [0086.305] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0086.308] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0086.310] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x132, lpOverlapped=0x0) returned 1 [0086.310] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0086.310] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0086.310] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0086.310] FlushFileBuffers (hFile=0x314) returned 1 [0086.759] FlushFileBuffers (hFile=0x310) returned 1 [0086.761] CloseHandle (hObject=0x314) returned 1 [0086.762] CloseHandle (hObject=0x310) returned 1 [0086.762] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-GroupPolicy%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-grouppolicy%4operational.evtx")) returned 1 [0086.763] SetEvent (hEvent=0x28c) returned 1 [0086.763] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0086.764] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=1052672) returned 1 [0086.764] CloseHandle (hObject=0x310) returned 1 [0086.764] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx")) returned 0x20 [0086.764] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx")) returned 0x20 [0086.764] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.764] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0086.764] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.764] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0086.764] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x314 [0086.764] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x101000, lpOverlapped=0x0) returned 1 [0086.791] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x101010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x101010, lpOverlapped=0x0) returned 1 [0087.014] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x142, lpOverlapped=0x0) returned 1 [0087.014] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0087.014] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0087.014] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x101000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x101000, lpOverlapped=0x0) returned 1 [0087.019] FlushFileBuffers (hFile=0x310) returned 1 [0087.024] FlushFileBuffers (hFile=0x314) returned 1 [0087.027] CloseHandle (hObject=0x310) returned 1 [0087.027] CloseHandle (hObject=0x314) returned 1 [0087.027] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-PnP%4Configuration.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-pnp%4configuration.evtx")) returned 1 [0087.037] SetEvent (hEvent=0x28c) returned 1 [0087.037] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0087.046] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0087.046] CloseHandle (hObject=0x314) returned 1 [0087.047] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx")) returned 0x20 [0087.047] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx")) returned 0x20 [0087.047] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.047] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0087.047] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0087.047] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0087.047] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x310 [0087.048] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0087.050] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0087.052] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x132, lpOverlapped=0x0) returned 1 [0087.052] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0087.052] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0087.052] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0087.052] FlushFileBuffers (hFile=0x314) returned 1 [0087.055] FlushFileBuffers (hFile=0x310) returned 1 [0087.058] CloseHandle (hObject=0x314) returned 1 [0087.058] CloseHandle (hObject=0x310) returned 1 [0087.058] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4operational.evtx")) returned 1 [0087.060] SetEvent (hEvent=0x28c) returned 1 [0087.060] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0087.060] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0087.060] CloseHandle (hObject=0x310) returned 1 [0087.060] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx")) returned 0x20 [0087.061] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx")) returned 0x20 [0087.061] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.061] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0087.061] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0087.061] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0087.061] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x314 [0087.061] ReadFile (in: hFile=0x310, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0087.064] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0087.065] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x142, lpOverlapped=0x0) returned 1 [0087.066] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0087.066] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0087.066] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0087.066] FlushFileBuffers (hFile=0x310) returned 1 [0087.254] FlushFileBuffers (hFile=0x314) returned 1 [0087.263] CloseHandle (hObject=0x310) returned 1 [0087.263] CloseHandle (hObject=0x314) returned 1 [0087.263] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Known Folders API Service.evtx" (normalized: "c:\\logs\\microsoft-windows-known folders api service.evtx")) returned 1 [0087.264] SetEvent (hEvent=0x28c) returned 1 [0087.264] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx" (normalized: "c:\\logs\\microsoft-windows-program-compatibility-assistant%4compatafterupgrade.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0087.266] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x102fa10 | out: lpFileSize=0x102fa10*=69632) returned 1 [0087.266] CloseHandle (hObject=0x314) returned 1 [0087.266] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx" (normalized: "c:\\logs\\microsoft-windows-program-compatibility-assistant%4compatafterupgrade.evtx")) returned 0x20 [0087.266] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx" (normalized: "c:\\logs\\microsoft-windows-program-compatibility-assistant%4compatafterupgrade.evtx")) returned 0x20 [0087.266] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-program-compatibility-assistant%4compatafterupgrade.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.266] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx" (normalized: "c:\\logs\\microsoft-windows-program-compatibility-assistant%4compatafterupgrade.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0087.266] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0087.266] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f9d8 | out: lpNewFilePointer=0x0) returned 1 [0087.266] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-program-compatibility-assistant%4compatafterupgrade.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x310 [0087.267] ReadFile (in: hFile=0x314, lpBuffer=0x4c6a020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x102f9ec, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesRead=0x102f9ec*=0x11000, lpOverlapped=0x0) returned 1 [0087.269] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x11010, lpOverlapped=0x0) returned 1 [0087.271] WriteFile (in: hFile=0x310, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x172, lpNumberOfBytesWritten=0x102f9c4, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f9c4*=0x172, lpOverlapped=0x0) returned 1 [0087.272] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0087.272] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x102f738 | out: lpNewFilePointer=0x0) returned 1 [0087.272] WriteFile (in: hFile=0x314, lpBuffer=0x4c6a020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x102f744, lpOverlapped=0x0 | out: lpBuffer=0x4c6a020*, lpNumberOfBytesWritten=0x102f744*=0x11000, lpOverlapped=0x0) returned 1 [0087.272] FlushFileBuffers (hFile=0x314) returned 1 [0087.488] FlushFileBuffers (hFile=0x310) Thread: id = 19 os_tid = 0x754 [0053.338] GetProcessHeap () returned 0x4b0000 [0053.338] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4b80058 [0053.341] GetProcessHeap () returned 0x4b0000 [0053.341] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x10000) returned 0x4b90060 [0053.341] GetProcessHeap () returned 0x4b0000 [0053.341] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x28) returned 0x570e70 [0053.341] GetProcessHeap () returned 0x4b0000 [0053.341] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x110102) returned 0x4d88020 [0053.344] GetProcessHeap () returned 0x4b0000 [0053.344] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x50) returned 0x4d0c08 [0053.344] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75e90000 [0053.344] GetProcAddress (hModule=0x75e90000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x75ea6b30 [0053.344] Wow64DisableWow64FsRedirection (in: OldValue=0x10aff18 | out: OldValue=0x10aff18*=0x0) returned 1 [0053.344] GetProcessHeap () returned 0x4b0000 [0053.344] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d0c08 | out: hHeap=0x4b0000) returned 1 [0053.345] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0053.346] GetFileSizeEx (in: hFile=0x2ac, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=6004) returned 1 [0053.346] CloseHandle (hObject=0x2ac) returned 1 [0053.347] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log")) returned 0x20 [0053.347] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log")) returned 0x20 [0053.347] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0053.347] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ac [0053.347] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0053.347] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0053.347] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x2b8 [0053.348] ReadFile (in: hFile=0x2ac, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x1774, lpOverlapped=0x0) returned 1 [0053.362] WriteFile (in: hFile=0x2b8, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x1780, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x1780, lpOverlapped=0x0) returned 1 [0053.363] WriteFile (in: hFile=0x2b8, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x122, lpOverlapped=0x0) returned 1 [0053.363] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0053.363] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0053.363] WriteFile (in: hFile=0x2ac, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x1774, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x1774, lpOverlapped=0x0) returned 1 [0053.363] FlushFileBuffers (hFile=0x2ac) returned 1 [0053.820] FlushFileBuffers (hFile=0x2b8) returned 1 [0053.832] CloseHandle (hObject=0x2ac) returned 1 [0053.833] CloseHandle (hObject=0x2b8) returned 1 [0053.833] DeleteFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log")) returned 1 [0053.834] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll" (normalized: "c:\\$getcurrent\\safeos\\getcurrentoobe.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.837] GetFileSizeEx (in: hFile=0x2b8, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=144072) returned 1 [0053.837] CloseHandle (hObject=0x2b8) returned 1 [0053.837] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll" (normalized: "c:\\$getcurrent\\safeos\\getcurrentoobe.dll")) returned 0x20 [0053.837] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll" (normalized: "c:\\$getcurrent\\safeos\\getcurrentoobe.dll")) returned 0x20 [0053.837] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$getcurrent\\safeos\\getcurrentoobe.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0053.837] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll" (normalized: "c:\\$getcurrent\\safeos\\getcurrentoobe.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.837] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0053.837] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0053.837] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$getcurrent\\safeos\\getcurrentoobe.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x2ac [0053.838] ReadFile (in: hFile=0x2b8, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x232c8, lpOverlapped=0x0) returned 1 [0053.855] WriteFile (in: hFile=0x2ac, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x232d0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x232d0, lpOverlapped=0x0) returned 1 [0053.859] WriteFile (in: hFile=0x2ac, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0053.859] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0053.859] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0053.859] WriteFile (in: hFile=0x2b8, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x232c8, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x232c8, lpOverlapped=0x0) returned 1 [0053.860] FlushFileBuffers (hFile=0x2b8) returned 1 [0054.415] FlushFileBuffers (hFile=0x2ac) returned 1 [0054.417] CloseHandle (hObject=0x2b8) returned 1 [0054.420] CloseHandle (hObject=0x2ac) returned 1 [0054.423] DeleteFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll" (normalized: "c:\\$getcurrent\\safeos\\getcurrentoobe.dll")) returned 1 [0054.605] CreateFileW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-18\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.605] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=129) returned 1 [0054.605] CloseHandle (hObject=0x2bc) returned 1 [0054.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-18\\desktop.ini")) returned 0x26 [0054.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-18\\desktop.ini")) returned 0x26 [0054.605] GetFileAttributesW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$recycle.bin\\s-1-5-18\\desktop.ini.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0054.605] CreateFileW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-18\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.605] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0054.605] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0054.605] CreateFileW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\$recycle.bin\\s-1-5-18\\desktop.ini.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x26, hTemplateFile=0x0) returned 0x314 [0054.675] ReadFile (in: hFile=0x2bc, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x81, lpOverlapped=0x0) returned 1 [0054.676] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x90, lpOverlapped=0x0) returned 1 [0054.677] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0054.677] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0054.677] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0054.677] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x81, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x81, lpOverlapped=0x0) returned 1 [0054.677] FlushFileBuffers (hFile=0x2bc) returned 1 [0054.696] FlushFileBuffers (hFile=0x314) returned 1 [0054.704] CloseHandle (hObject=0x2bc) returned 1 [0054.704] CloseHandle (hObject=0x314) returned 1 [0054.705] DeleteFileW (lpFileName="\\\\?\\C:\\$Recycle.Bin\\S-1-5-18\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-18\\desktop.ini")) returned 1 [0054.706] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0054.708] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=7567) returned 1 [0054.708] CloseHandle (hObject=0x314) returned 1 [0054.708] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf")) returned 0x80 [0054.708] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf")) returned 0x80 [0054.708] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0054.708] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0054.709] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0054.709] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0054.709] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0054.734] ReadFile (in: hFile=0x314, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x1d8f, lpOverlapped=0x0) returned 1 [0054.739] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x1d90, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x1d90, lpOverlapped=0x0) returned 1 [0054.740] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0054.740] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0054.740] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0054.740] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x1d8f, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x1d8f, lpOverlapped=0x0) returned 1 [0054.740] FlushFileBuffers (hFile=0x314) returned 1 [0054.757] FlushFileBuffers (hFile=0x32c) returned 1 [0054.759] CloseHandle (hObject=0x314) returned 1 [0054.760] CloseHandle (hObject=0x32c) returned 1 [0054.760] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf")) returned 1 [0054.762] SetEvent (hEvent=0x28c) returned 1 [0054.762] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1025\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0054.764] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=17240) returned 1 [0054.764] CloseHandle (hObject=0x328) returned 1 [0054.764] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1025\\setupresources.dll")) returned 0x80 [0054.764] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1025\\setupresources.dll")) returned 0x80 [0054.764] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1025\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0054.764] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1025\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0054.764] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0054.764] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0054.764] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1025\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0054.765] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x4358, lpOverlapped=0x0) returned 1 [0054.766] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4360, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x4360, lpOverlapped=0x0) returned 1 [0054.768] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0054.768] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0054.768] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0054.768] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4358, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x4358, lpOverlapped=0x0) returned 1 [0054.768] FlushFileBuffers (hFile=0x328) returned 1 [0054.770] FlushFileBuffers (hFile=0x32c) returned 1 [0054.772] CloseHandle (hObject=0x328) returned 1 [0054.773] CloseHandle (hObject=0x32c) returned 1 [0054.775] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1025\\setupresources.dll")) returned 1 [0054.776] SetEvent (hEvent=0x28c) returned 1 [0054.776] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0054.776] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=6309) returned 1 [0054.776] CloseHandle (hObject=0x32c) returned 1 [0054.776] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf")) returned 0x80 [0054.776] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf")) returned 0x80 [0054.776] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0054.777] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0054.777] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0054.777] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0054.777] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0054.778] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x18a5, lpOverlapped=0x0) returned 1 [0054.780] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x18b0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x18b0, lpOverlapped=0x0) returned 1 [0054.781] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0054.781] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0054.781] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0054.781] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x18a5, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x18a5, lpOverlapped=0x0) returned 1 [0054.781] FlushFileBuffers (hFile=0x32c) returned 1 [0054.783] FlushFileBuffers (hFile=0x328) returned 1 [0054.785] CloseHandle (hObject=0x32c) returned 1 [0054.786] CloseHandle (hObject=0x328) returned 1 [0054.786] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf")) returned 1 [0054.788] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0054.788] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=60816) returned 1 [0054.788] CloseHandle (hObject=0x328) returned 1 [0054.788] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml")) returned 0x80 [0054.788] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml")) returned 0x80 [0054.788] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0054.788] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0054.788] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0054.788] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0054.788] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0054.788] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0xed90, lpOverlapped=0x0) returned 1 [0054.792] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xeda0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xeda0, lpOverlapped=0x0) returned 1 [0054.793] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0054.794] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0054.794] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0054.794] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xed90, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0xed90, lpOverlapped=0x0) returned 1 [0054.794] FlushFileBuffers (hFile=0x328) returned 1 [0055.168] FlushFileBuffers (hFile=0x32c) returned 1 [0055.171] CloseHandle (hObject=0x328) returned 1 [0055.173] CloseHandle (hObject=0x32c) returned 1 [0055.175] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml")) returned 1 [0055.176] SetEvent (hEvent=0x28c) returned 1 [0055.177] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0055.178] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=3726) returned 1 [0055.178] CloseHandle (hObject=0x32c) returned 1 [0055.178] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf")) returned 0x80 [0055.178] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf")) returned 0x80 [0055.178] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0055.178] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0055.178] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0055.178] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0055.178] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0055.183] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0xe8e, lpOverlapped=0x0) returned 1 [0055.187] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xe90, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xe90, lpOverlapped=0x0) returned 1 [0055.188] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0055.188] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0055.188] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0055.188] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xe8e, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0xe8e, lpOverlapped=0x0) returned 1 [0055.188] FlushFileBuffers (hFile=0x32c) returned 1 [0056.133] FlushFileBuffers (hFile=0x2bc) returned 1 [0064.141] CloseHandle (hObject=0x32c) returned 1 [0064.142] CloseHandle (hObject=0x2bc) returned 1 [0064.143] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf")) returned 1 [0064.144] SetEvent (hEvent=0x28c) returned 1 [0064.144] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1029\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0064.145] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=18264) returned 1 [0064.145] CloseHandle (hObject=0x2bc) returned 1 [0064.145] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1029\\setupresources.dll")) returned 0x80 [0064.145] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1029\\setupresources.dll")) returned 0x80 [0064.145] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1029\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0064.145] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1029\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0064.145] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0064.145] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0064.145] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1029\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0064.145] ReadFile (in: hFile=0x2bc, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x4758, lpOverlapped=0x0) returned 1 [0064.336] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4760, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x4760, lpOverlapped=0x0) returned 1 [0064.337] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0064.337] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0064.337] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0064.338] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4758, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x4758, lpOverlapped=0x0) returned 1 [0064.338] FlushFileBuffers (hFile=0x2bc) returned 1 [0064.897] FlushFileBuffers (hFile=0x32c) returned 1 [0064.900] CloseHandle (hObject=0x2bc) returned 1 [0064.902] CloseHandle (hObject=0x32c) returned 1 [0064.903] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1029\\setupresources.dll")) returned 1 [0064.904] SetEvent (hEvent=0x28c) returned 1 [0064.904] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0064.904] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=3419) returned 1 [0064.905] CloseHandle (hObject=0x32c) returned 1 [0064.905] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf")) returned 0x80 [0064.905] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf")) returned 0x80 [0064.905] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0064.905] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0064.905] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0064.905] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0064.905] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0064.907] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0xd5b, lpOverlapped=0x0) returned 1 [0064.909] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xd60, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xd60, lpOverlapped=0x0) returned 1 [0064.909] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0064.910] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0064.910] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0064.910] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xd5b, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0xd5b, lpOverlapped=0x0) returned 1 [0064.910] FlushFileBuffers (hFile=0x32c) returned 1 [0064.912] FlushFileBuffers (hFile=0x2bc) returned 1 [0064.913] CloseHandle (hObject=0x32c) returned 1 [0064.914] CloseHandle (hObject=0x2bc) returned 1 [0064.914] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf")) returned 1 [0064.915] SetEvent (hEvent=0x28c) returned 1 [0064.915] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0064.916] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=82346) returned 1 [0064.916] CloseHandle (hObject=0x2bc) returned 1 [0064.916] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml")) returned 0x80 [0064.916] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml")) returned 0x80 [0064.916] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0064.916] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0064.916] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0064.916] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0064.916] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0064.916] ReadFile (in: hFile=0x2bc, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x141aa, lpOverlapped=0x0) returned 1 [0064.919] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x141b0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x141b0, lpOverlapped=0x0) returned 1 [0064.922] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0064.922] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0064.922] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0064.922] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x141aa, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x141aa, lpOverlapped=0x0) returned 1 [0064.922] FlushFileBuffers (hFile=0x2bc) returned 1 [0064.924] FlushFileBuffers (hFile=0x32c) returned 1 [0064.925] CloseHandle (hObject=0x2bc) returned 1 [0064.927] CloseHandle (hObject=0x32c) returned 1 [0064.929] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml")) returned 1 [0064.931] SetEvent (hEvent=0x28c) returned 1 [0064.931] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1031\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0064.931] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=18776) returned 1 [0064.931] CloseHandle (hObject=0x32c) returned 1 [0064.931] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1031\\setupresources.dll")) returned 0x80 [0064.931] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1031\\setupresources.dll")) returned 0x80 [0064.931] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1031\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0064.931] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1031\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0064.931] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0064.932] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0064.932] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1031\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0064.932] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x4958, lpOverlapped=0x0) returned 1 [0064.933] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4960, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x4960, lpOverlapped=0x0) returned 1 [0064.935] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0064.935] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0064.935] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0064.935] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4958, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x4958, lpOverlapped=0x0) returned 1 [0064.935] FlushFileBuffers (hFile=0x32c) returned 1 [0065.348] FlushFileBuffers (hFile=0x2bc) returned 1 [0065.349] CloseHandle (hObject=0x32c) returned 1 [0065.351] CloseHandle (hObject=0x2bc) returned 1 [0065.352] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1031\\setupresources.dll")) returned 1 [0065.353] SetEvent (hEvent=0x28c) returned 1 [0065.353] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1032\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0065.353] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=19288) returned 1 [0065.353] CloseHandle (hObject=0x2bc) returned 1 [0065.353] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1032\\setupresources.dll")) returned 0x80 [0065.353] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1032\\setupresources.dll")) returned 0x80 [0065.353] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1032\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0065.354] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1032\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0065.354] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0065.354] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0065.354] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1032\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0065.354] ReadFile (in: hFile=0x2bc, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x4b58, lpOverlapped=0x0) returned 1 [0065.356] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4b60, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x4b60, lpOverlapped=0x0) returned 1 [0065.357] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0065.357] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0065.357] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0065.357] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4b58, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x4b58, lpOverlapped=0x0) returned 1 [0065.358] FlushFileBuffers (hFile=0x2bc) returned 1 [0066.332] FlushFileBuffers (hFile=0x32c) returned 1 [0067.178] CloseHandle (hObject=0x2bc) returned 1 [0067.179] CloseHandle (hObject=0x32c) returned 1 [0067.181] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1032\\setupresources.dll")) returned 1 [0067.182] SetEvent (hEvent=0x28c) returned 1 [0067.182] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1033\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0067.182] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=17240) returned 1 [0067.182] CloseHandle (hObject=0x32c) returned 1 [0067.182] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1033\\setupresources.dll")) returned 0x80 [0067.182] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1033\\setupresources.dll")) returned 0x80 [0067.182] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1033\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0067.182] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1033\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0067.182] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0067.183] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0067.183] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1033\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0067.183] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x4358, lpOverlapped=0x0) returned 1 [0067.184] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4360, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x4360, lpOverlapped=0x0) returned 1 [0067.186] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0067.186] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0067.186] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0067.186] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4358, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x4358, lpOverlapped=0x0) returned 1 [0067.186] FlushFileBuffers (hFile=0x32c) returned 1 [0068.007] FlushFileBuffers (hFile=0x2bc) returned 1 [0068.009] CloseHandle (hObject=0x32c) returned 1 [0068.010] CloseHandle (hObject=0x2bc) returned 1 [0068.011] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1033\\setupresources.dll")) returned 1 [0068.012] SetEvent (hEvent=0x28c) returned 1 [0068.012] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1035\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0068.013] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=18264) returned 1 [0068.013] CloseHandle (hObject=0x2bc) returned 1 [0068.013] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1035\\setupresources.dll")) returned 0x80 [0068.013] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1035\\setupresources.dll")) returned 0x80 [0068.013] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1035\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0068.013] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1035\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0068.013] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0068.013] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0068.013] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1035\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0068.014] ReadFile (in: hFile=0x2bc, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x4758, lpOverlapped=0x0) returned 1 [0068.015] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4760, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x4760, lpOverlapped=0x0) returned 1 [0068.016] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0068.017] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0068.017] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0068.017] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4758, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x4758, lpOverlapped=0x0) returned 1 [0068.017] FlushFileBuffers (hFile=0x2bc) returned 1 [0068.068] FlushFileBuffers (hFile=0x32c) returned 1 [0068.072] CloseHandle (hObject=0x2bc) returned 1 [0068.072] CloseHandle (hObject=0x32c) returned 1 [0068.073] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1035\\setupresources.dll")) returned 1 [0068.074] SetEvent (hEvent=0x28c) returned 1 [0068.074] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0068.075] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=82962) returned 1 [0068.075] CloseHandle (hObject=0x32c) returned 1 [0068.075] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml")) returned 0x80 [0068.075] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml")) returned 0x80 [0068.075] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0068.075] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0068.075] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0068.075] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0068.075] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0068.075] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x14412, lpOverlapped=0x0) returned 1 [0068.078] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x14420, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x14420, lpOverlapped=0x0) returned 1 [0068.081] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0068.081] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0068.081] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0068.081] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x14412, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x14412, lpOverlapped=0x0) returned 1 [0068.081] FlushFileBuffers (hFile=0x32c) returned 1 [0068.125] FlushFileBuffers (hFile=0x2bc) returned 1 [0068.128] CloseHandle (hObject=0x32c) returned 1 [0068.130] CloseHandle (hObject=0x2bc) returned 1 [0068.132] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml")) returned 1 [0068.133] SetEvent (hEvent=0x28c) returned 1 [0068.133] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0068.133] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=6851) returned 1 [0068.134] CloseHandle (hObject=0x2bc) returned 1 [0068.134] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf")) returned 0x80 [0068.134] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf")) returned 0x80 [0068.134] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0068.134] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0068.134] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0068.134] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0068.134] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0068.136] ReadFile (in: hFile=0x2bc, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x1ac3, lpOverlapped=0x0) returned 1 [0068.142] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x1ad0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x1ad0, lpOverlapped=0x0) returned 1 [0068.143] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0068.143] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0068.143] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0068.143] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x1ac3, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x1ac3, lpOverlapped=0x0) returned 1 [0068.143] FlushFileBuffers (hFile=0x2bc) returned 1 [0068.153] FlushFileBuffers (hFile=0x32c) returned 1 [0068.154] CloseHandle (hObject=0x2bc) returned 1 [0068.155] CloseHandle (hObject=0x32c) returned 1 [0068.156] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf")) returned 1 [0068.157] SetEvent (hEvent=0x28c) returned 1 [0068.157] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1037\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0068.158] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=16728) returned 1 [0068.158] CloseHandle (hObject=0x32c) returned 1 [0068.158] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1037\\setupresources.dll")) returned 0x80 [0068.158] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1037\\setupresources.dll")) returned 0x80 [0068.158] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1037\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0068.158] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1037\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0068.158] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0068.159] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0068.159] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1037\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0068.159] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x4158, lpOverlapped=0x0) returned 1 [0068.160] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4160, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x4160, lpOverlapped=0x0) returned 1 [0068.162] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0068.162] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0068.162] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0068.162] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4158, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x4158, lpOverlapped=0x0) returned 1 [0068.162] FlushFileBuffers (hFile=0x32c) returned 1 [0068.524] FlushFileBuffers (hFile=0x2bc) returned 1 [0068.526] CloseHandle (hObject=0x32c) returned 1 [0068.527] CloseHandle (hObject=0x2bc) returned 1 [0068.528] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1037\\setupresources.dll")) returned 1 [0068.529] SetEvent (hEvent=0x28c) returned 1 [0068.529] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1038\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0068.530] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=18776) returned 1 [0068.530] CloseHandle (hObject=0x2bc) returned 1 [0068.530] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1038\\setupresources.dll")) returned 0x80 [0068.530] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1038\\setupresources.dll")) returned 0x80 [0068.530] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1038\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0068.531] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1038\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0068.531] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0068.531] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0068.531] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1038\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0068.531] ReadFile (in: hFile=0x2bc, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x4958, lpOverlapped=0x0) returned 1 [0068.533] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4960, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x4960, lpOverlapped=0x0) returned 1 [0068.534] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0068.534] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0068.534] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0068.534] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4958, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x4958, lpOverlapped=0x0) returned 1 [0068.535] FlushFileBuffers (hFile=0x2bc) returned 1 [0069.050] FlushFileBuffers (hFile=0x32c) returned 1 [0069.052] CloseHandle (hObject=0x2bc) returned 1 [0069.052] CloseHandle (hObject=0x32c) returned 1 [0069.053] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1038\\setupresources.dll")) returned 1 [0069.054] SetEvent (hEvent=0x28c) returned 1 [0069.055] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1040\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0069.056] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=18264) returned 1 [0069.056] CloseHandle (hObject=0x32c) returned 1 [0069.056] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1040\\setupresources.dll")) returned 0x80 [0069.056] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1040\\setupresources.dll")) returned 0x80 [0069.056] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1040\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0069.056] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1040\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0069.056] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.056] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.056] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1040\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0069.056] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x4758, lpOverlapped=0x0) returned 1 [0069.058] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4760, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x4760, lpOverlapped=0x0) returned 1 [0069.059] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0069.059] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.059] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.060] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4758, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x4758, lpOverlapped=0x0) returned 1 [0069.060] FlushFileBuffers (hFile=0x32c) returned 1 [0069.258] FlushFileBuffers (hFile=0x2bc) returned 1 [0069.274] CloseHandle (hObject=0x32c) returned 1 [0069.274] CloseHandle (hObject=0x2bc) returned 1 [0069.276] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\1040\\setupresources.dll")) returned 1 [0069.277] SetEvent (hEvent=0x28c) returned 1 [0069.277] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0069.277] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=68226) returned 1 [0069.277] CloseHandle (hObject=0x2bc) returned 1 [0069.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml")) returned 0x80 [0069.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml")) returned 0x80 [0069.278] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0069.278] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0069.278] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.278] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.278] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0069.278] ReadFile (in: hFile=0x2bc, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x10a82, lpOverlapped=0x0) returned 1 [0069.281] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x10a90, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x10a90, lpOverlapped=0x0) returned 1 [0069.283] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0069.283] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.284] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.284] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x10a82, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x10a82, lpOverlapped=0x0) returned 1 [0069.284] FlushFileBuffers (hFile=0x2bc) returned 1 [0069.295] FlushFileBuffers (hFile=0x32c) returned 1 [0069.297] CloseHandle (hObject=0x2bc) returned 1 [0069.298] CloseHandle (hObject=0x32c) returned 1 [0069.300] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml")) returned 1 [0069.301] SetEvent (hEvent=0x28c) returned 1 [0069.302] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0069.302] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=12687) returned 1 [0069.302] CloseHandle (hObject=0x32c) returned 1 [0069.302] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf")) returned 0x80 [0069.302] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf")) returned 0x80 [0069.302] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0069.302] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0069.302] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.302] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.302] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0069.304] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x318f, lpOverlapped=0x0) returned 1 [0069.305] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x3190, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x3190, lpOverlapped=0x0) returned 1 [0069.306] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0069.307] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.307] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.307] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x318f, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x318f, lpOverlapped=0x0) returned 1 [0069.307] FlushFileBuffers (hFile=0x32c) returned 1 [0069.308] FlushFileBuffers (hFile=0x2bc) returned 1 [0069.310] CloseHandle (hObject=0x32c) returned 1 [0069.311] CloseHandle (hObject=0x2bc) returned 1 [0069.312] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf")) returned 1 [0069.313] SetEvent (hEvent=0x28c) returned 1 [0069.313] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0069.313] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=65238) returned 1 [0069.313] CloseHandle (hObject=0x2bc) returned 1 [0069.313] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml")) returned 0x80 [0069.313] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml")) returned 0x80 [0069.313] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0069.313] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0069.313] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.313] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.314] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0069.314] ReadFile (in: hFile=0x2bc, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0xfed6, lpOverlapped=0x0) returned 1 [0069.316] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xfee0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xfee0, lpOverlapped=0x0) returned 1 [0069.318] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0069.318] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.318] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.318] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xfed6, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0xfed6, lpOverlapped=0x0) returned 1 [0069.318] FlushFileBuffers (hFile=0x2bc) returned 1 [0069.438] FlushFileBuffers (hFile=0x32c) returned 1 [0069.448] CloseHandle (hObject=0x2bc) returned 1 [0069.450] CloseHandle (hObject=0x32c) returned 1 [0069.452] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml")) returned 1 [0069.453] SetEvent (hEvent=0x28c) returned 1 [0069.453] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0069.454] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=3546) returned 1 [0069.454] CloseHandle (hObject=0x32c) returned 1 [0069.454] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf")) returned 0x80 [0069.454] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf")) returned 0x80 [0069.454] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0069.454] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0069.454] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.454] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.454] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0069.456] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0xdda, lpOverlapped=0x0) returned 1 [0069.457] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xde0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xde0, lpOverlapped=0x0) returned 1 [0069.458] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0069.458] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.458] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.458] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xdda, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0xdda, lpOverlapped=0x0) returned 1 [0069.459] FlushFileBuffers (hFile=0x32c) returned 1 [0069.460] FlushFileBuffers (hFile=0x2bc) returned 1 [0069.461] CloseHandle (hObject=0x32c) returned 1 [0069.462] CloseHandle (hObject=0x2bc) returned 1 [0069.463] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf")) returned 1 [0069.464] SetEvent (hEvent=0x28c) returned 1 [0069.464] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0069.464] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=79634) returned 1 [0069.464] CloseHandle (hObject=0x2bc) returned 1 [0069.464] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml")) returned 0x80 [0069.464] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml")) returned 0x80 [0069.464] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0069.464] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0069.464] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.464] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.465] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0069.465] ReadFile (in: hFile=0x2bc, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x13712, lpOverlapped=0x0) returned 1 [0069.468] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x13720, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x13720, lpOverlapped=0x0) returned 1 [0069.470] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0069.470] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.470] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.470] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x13712, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x13712, lpOverlapped=0x0) returned 1 [0069.470] FlushFileBuffers (hFile=0x2bc) returned 1 [0069.508] FlushFileBuffers (hFile=0x32c) returned 1 [0069.517] CloseHandle (hObject=0x2bc) returned 1 [0069.521] CloseHandle (hObject=0x32c) returned 1 [0069.523] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml")) returned 1 [0069.525] SetEvent (hEvent=0x28c) returned 1 [0069.525] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0069.525] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=3046) returned 1 [0069.525] CloseHandle (hObject=0x32c) returned 1 [0069.525] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf")) returned 0x80 [0069.525] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf")) returned 0x80 [0069.525] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0069.525] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0069.525] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.525] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.526] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0069.531] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0xbe6, lpOverlapped=0x0) returned 1 [0069.532] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xbf0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xbf0, lpOverlapped=0x0) returned 1 [0069.533] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0069.533] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.533] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.533] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xbe6, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0xbe6, lpOverlapped=0x0) returned 1 [0069.533] FlushFileBuffers (hFile=0x32c) returned 1 [0069.536] FlushFileBuffers (hFile=0x2bc) returned 1 [0069.537] CloseHandle (hObject=0x32c) returned 1 [0069.538] CloseHandle (hObject=0x2bc) returned 1 [0069.540] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf")) returned 1 [0069.541] SetEvent (hEvent=0x28c) returned 1 [0069.541] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0069.542] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=79296) returned 1 [0069.542] CloseHandle (hObject=0x2bc) returned 1 [0069.542] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml")) returned 0x80 [0069.542] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml")) returned 0x80 [0069.542] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0069.542] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0069.542] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.542] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.542] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0069.542] ReadFile (in: hFile=0x2bc, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x135c0, lpOverlapped=0x0) returned 1 [0069.549] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x135d0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x135d0, lpOverlapped=0x0) returned 1 [0069.551] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0069.551] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.551] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.551] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x135c0, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x135c0, lpOverlapped=0x0) returned 1 [0069.551] FlushFileBuffers (hFile=0x2bc) returned 1 [0069.822] FlushFileBuffers (hFile=0x32c) returned 1 [0069.823] CloseHandle (hObject=0x2bc) returned 1 [0069.825] CloseHandle (hObject=0x32c) returned 1 [0069.859] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml")) returned 1 [0069.861] SetEvent (hEvent=0x28c) returned 1 [0069.861] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0069.861] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=4040) returned 1 [0069.861] CloseHandle (hObject=0x32c) returned 1 [0069.861] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf")) returned 0x80 [0069.861] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf")) returned 0x80 [0069.861] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0069.861] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0069.861] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.861] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.861] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0069.863] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0xfc8, lpOverlapped=0x0) returned 1 [0069.865] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xfd0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xfd0, lpOverlapped=0x0) returned 1 [0069.865] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0069.866] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.866] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.866] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xfc8, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0xfc8, lpOverlapped=0x0) returned 1 [0069.866] FlushFileBuffers (hFile=0x32c) returned 1 [0069.868] FlushFileBuffers (hFile=0x2bc) returned 1 [0069.869] CloseHandle (hObject=0x32c) returned 1 [0069.870] CloseHandle (hObject=0x2bc) returned 1 [0069.871] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf")) returned 1 [0069.872] SetEvent (hEvent=0x28c) returned 1 [0069.872] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0069.872] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=82374) returned 1 [0069.872] CloseHandle (hObject=0x2bc) returned 1 [0069.872] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml")) returned 0x80 [0069.872] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml")) returned 0x80 [0069.873] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0069.873] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0069.873] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.873] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0069.873] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0069.873] ReadFile (in: hFile=0x2bc, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x141c6, lpOverlapped=0x0) returned 1 [0069.878] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x141d0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x141d0, lpOverlapped=0x0) returned 1 [0069.880] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0069.880] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.880] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0069.880] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x141c6, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x141c6, lpOverlapped=0x0) returned 1 [0069.880] FlushFileBuffers (hFile=0x2bc) returned 1 [0070.080] FlushFileBuffers (hFile=0x32c) returned 1 [0070.081] CloseHandle (hObject=0x2bc) returned 1 [0070.084] CloseHandle (hObject=0x32c) returned 1 [0070.086] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml")) returned 1 [0070.087] SetEvent (hEvent=0x28c) returned 1 [0070.088] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0070.088] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=3683) returned 1 [0070.088] CloseHandle (hObject=0x32c) returned 1 [0070.088] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf")) returned 0x80 [0070.088] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf")) returned 0x80 [0070.088] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0070.088] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0070.088] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0070.088] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0070.088] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0070.090] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0xe63, lpOverlapped=0x0) returned 1 [0070.093] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xe70, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xe70, lpOverlapped=0x0) returned 1 [0070.094] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0070.094] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0070.094] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0070.094] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xe63, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0xe63, lpOverlapped=0x0) returned 1 [0070.095] FlushFileBuffers (hFile=0x32c) returned 1 [0070.096] FlushFileBuffers (hFile=0x2bc) returned 1 [0070.098] CloseHandle (hObject=0x32c) returned 1 [0070.099] CloseHandle (hObject=0x2bc) returned 1 [0070.099] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf")) returned 1 [0070.100] SetEvent (hEvent=0x28c) returned 1 [0070.100] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0070.101] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=80738) returned 1 [0070.101] CloseHandle (hObject=0x2bc) returned 1 [0070.101] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml")) returned 0x80 [0070.101] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml")) returned 0x80 [0070.101] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0070.101] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0070.101] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0070.101] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0070.101] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0070.101] ReadFile (in: hFile=0x2bc, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x13b62, lpOverlapped=0x0) returned 1 [0070.104] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x13b70, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x13b70, lpOverlapped=0x0) returned 1 [0070.106] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0070.106] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0070.106] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0070.106] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x13b62, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x13b62, lpOverlapped=0x0) returned 1 [0070.106] FlushFileBuffers (hFile=0x2bc) returned 1 [0070.282] FlushFileBuffers (hFile=0x32c) returned 1 [0070.284] CloseHandle (hObject=0x2bc) returned 1 [0070.286] CloseHandle (hObject=0x32c) returned 1 [0070.288] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml")) returned 1 [0070.289] SetEvent (hEvent=0x28c) returned 1 [0070.289] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0070.290] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=54456) returned 1 [0070.290] CloseHandle (hObject=0x32c) returned 1 [0070.291] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf")) returned 0x80 [0070.291] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf")) returned 0x80 [0070.291] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0070.291] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0070.291] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0070.291] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0070.291] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0070.292] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0xd4b8, lpOverlapped=0x0) returned 1 [0070.295] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xd4c0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xd4c0, lpOverlapped=0x0) returned 1 [0070.296] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0070.297] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0070.297] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0070.297] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xd4b8, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0xd4b8, lpOverlapped=0x0) returned 1 [0070.297] FlushFileBuffers (hFile=0x32c) returned 1 [0070.299] FlushFileBuffers (hFile=0x2bc) returned 1 [0070.300] CloseHandle (hObject=0x32c) returned 1 [0070.302] CloseHandle (hObject=0x2bc) returned 1 [0070.303] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf")) returned 1 [0070.305] SetEvent (hEvent=0x28c) returned 1 [0070.305] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0070.305] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=81482) returned 1 [0070.305] CloseHandle (hObject=0x2bc) returned 1 [0070.305] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml")) returned 0x80 [0070.305] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml")) returned 0x80 [0070.305] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0070.305] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0070.305] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0070.305] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0070.306] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0070.306] ReadFile (in: hFile=0x2bc, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x13e4a, lpOverlapped=0x0) returned 1 [0070.309] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x13e50, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x13e50, lpOverlapped=0x0) returned 1 [0070.311] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0070.311] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0070.311] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0070.311] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x13e4a, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x13e4a, lpOverlapped=0x0) returned 1 [0070.311] FlushFileBuffers (hFile=0x2bc) returned 1 [0070.617] FlushFileBuffers (hFile=0x32c) returned 1 [0070.618] CloseHandle (hObject=0x2bc) returned 1 [0070.620] CloseHandle (hObject=0x32c) returned 1 [0070.622] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml")) returned 1 [0070.624] SetEvent (hEvent=0x28c) returned 1 [0070.624] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0070.624] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=3865) returned 1 [0070.624] CloseHandle (hObject=0x32c) returned 1 [0070.624] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf")) returned 0x80 [0070.624] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf")) returned 0x80 [0070.625] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0070.625] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0070.625] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0070.625] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0070.625] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0070.627] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0xf19, lpOverlapped=0x0) returned 1 [0070.628] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf20, lpOverlapped=0x0) returned 1 [0070.629] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0070.629] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0070.629] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0070.629] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf19, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0xf19, lpOverlapped=0x0) returned 1 [0070.630] FlushFileBuffers (hFile=0x32c) returned 1 [0070.632] FlushFileBuffers (hFile=0x2bc) returned 1 [0070.633] CloseHandle (hObject=0x32c) returned 1 [0070.633] CloseHandle (hObject=0x2bc) returned 1 [0070.634] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf")) returned 1 [0070.635] SetEvent (hEvent=0x28c) returned 1 [0070.635] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0070.635] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=77680) returned 1 [0070.635] CloseHandle (hObject=0x2bc) returned 1 [0070.636] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml")) returned 0x80 [0070.636] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml")) returned 0x80 [0070.636] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0070.636] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0070.636] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0070.636] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0070.636] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0070.636] ReadFile (in: hFile=0x2bc, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x12f70, lpOverlapped=0x0) returned 1 [0070.639] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x12f80, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x12f80, lpOverlapped=0x0) returned 1 [0070.641] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0070.641] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0070.641] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0070.641] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x12f70, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x12f70, lpOverlapped=0x0) returned 1 [0070.641] FlushFileBuffers (hFile=0x2bc) returned 1 [0071.077] FlushFileBuffers (hFile=0x32c) returned 1 [0071.079] CloseHandle (hObject=0x2bc) returned 1 [0071.081] CloseHandle (hObject=0x32c) returned 1 [0071.083] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml")) returned 1 [0071.085] SetEvent (hEvent=0x28c) returned 1 [0071.085] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0071.085] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=3859) returned 1 [0071.085] CloseHandle (hObject=0x32c) returned 1 [0071.085] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf")) returned 0x80 [0071.085] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf")) returned 0x80 [0071.085] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0071.086] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0071.086] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0071.086] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0071.086] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0071.088] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0xf13, lpOverlapped=0x0) returned 1 [0071.089] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf20, lpOverlapped=0x0) returned 1 [0071.090] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0071.090] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0071.090] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0071.090] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf13, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0xf13, lpOverlapped=0x0) returned 1 [0071.090] FlushFileBuffers (hFile=0x32c) returned 1 [0071.093] FlushFileBuffers (hFile=0x2bc) returned 1 [0071.094] CloseHandle (hObject=0x32c) returned 1 [0071.095] CloseHandle (hObject=0x2bc) returned 1 [0071.096] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf")) returned 1 [0071.097] SetEvent (hEvent=0x28c) returned 1 [0071.097] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0071.097] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=76818) returned 1 [0071.097] CloseHandle (hObject=0x2bc) returned 1 [0071.097] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml")) returned 0x80 [0071.097] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml")) returned 0x80 [0071.097] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0071.098] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0071.098] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0071.098] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0071.098] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0071.098] ReadFile (in: hFile=0x2bc, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x12c12, lpOverlapped=0x0) returned 1 [0071.100] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x12c20, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x12c20, lpOverlapped=0x0) returned 1 [0071.102] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0071.103] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0071.103] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0071.103] WriteFile (in: hFile=0x2bc, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x12c12, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x12c12, lpOverlapped=0x0) returned 1 [0071.103] FlushFileBuffers (hFile=0x2bc) returned 1 [0071.704] FlushFileBuffers (hFile=0x32c) returned 1 [0071.705] CloseHandle (hObject=0x2bc) returned 1 [0071.708] CloseHandle (hObject=0x32c) returned 1 [0071.709] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml")) returned 1 [0071.711] SetEvent (hEvent=0x28c) returned 1 [0071.711] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0071.711] GetFileSizeEx (in: hFile=0x32c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=5827) returned 1 [0071.711] CloseHandle (hObject=0x32c) returned 1 [0071.711] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf")) returned 0x80 [0071.711] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf")) returned 0x80 [0071.711] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0071.712] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x32c [0071.712] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0071.712] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0071.712] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0071.721] ReadFile (in: hFile=0x32c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x16c3, lpOverlapped=0x0) returned 1 [0071.724] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x16d0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x16d0, lpOverlapped=0x0) returned 1 [0071.725] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0071.725] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0071.725] SetFilePointerEx (in: hFile=0x32c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0071.725] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x16c3, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x16c3, lpOverlapped=0x0) returned 1 [0071.725] FlushFileBuffers (hFile=0x32c) returned 1 [0072.253] FlushFileBuffers (hFile=0x314) returned 1 [0072.255] CloseHandle (hObject=0x32c) returned 1 [0072.256] CloseHandle (hObject=0x314) returned 1 [0072.256] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf")) returned 1 [0072.257] SetEvent (hEvent=0x28c) returned 1 [0072.257] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2052\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0072.258] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=14168) returned 1 [0072.258] CloseHandle (hObject=0x314) returned 1 [0072.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2052\\setupresources.dll")) returned 0x80 [0072.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2052\\setupresources.dll")) returned 0x80 [0072.258] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\2052\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0072.258] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2052\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0072.258] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0072.258] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0072.258] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\2052\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0072.258] ReadFile (in: hFile=0x314, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x3758, lpOverlapped=0x0) returned 1 [0072.260] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x3760, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x3760, lpOverlapped=0x0) returned 1 [0072.261] WriteFile (in: hFile=0x32c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0072.262] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0072.262] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0072.262] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x3758, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x3758, lpOverlapped=0x0) returned 1 [0072.262] FlushFileBuffers (hFile=0x314) returned 1 [0072.484] FlushFileBuffers (hFile=0x32c) returned 1 [0072.491] CloseHandle (hObject=0x314) returned 1 [0072.492] CloseHandle (hObject=0x32c) returned 1 [0072.493] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\2052\\setupresources.dll")) returned 1 [0072.494] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0072.501] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=80254) returned 1 [0072.501] CloseHandle (hObject=0x314) returned 1 [0072.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml")) returned 0x80 [0072.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml")) returned 0x80 [0072.501] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0072.501] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0072.501] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0072.502] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0072.502] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0072.504] ReadFile (in: hFile=0x314, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x1397e, lpOverlapped=0x0) returned 1 [0072.507] WriteFile (in: hFile=0x310, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x13980, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x13980, lpOverlapped=0x0) returned 1 [0072.509] WriteFile (in: hFile=0x310, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0072.509] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0072.509] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0072.509] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x1397e, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x1397e, lpOverlapped=0x0) returned 1 [0072.510] FlushFileBuffers (hFile=0x314) returned 1 [0072.593] FlushFileBuffers (hFile=0x310) returned 1 [0072.594] CloseHandle (hObject=0x314) returned 1 [0072.597] CloseHandle (hObject=0x310) returned 1 [0072.599] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml")) returned 1 [0072.600] SetEvent (hEvent=0x28c) returned 1 [0072.601] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0072.601] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=6309) returned 1 [0072.601] CloseHandle (hObject=0x310) returned 1 [0072.601] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf")) returned 0x80 [0072.601] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf")) returned 0x80 [0072.601] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0072.601] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0072.601] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0072.601] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0072.601] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\eula.rtf.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0072.603] ReadFile (in: hFile=0x310, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x18a5, lpOverlapped=0x0) returned 1 [0072.610] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x18b0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x18b0, lpOverlapped=0x0) returned 1 [0072.611] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0072.612] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0072.612] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0072.612] WriteFile (in: hFile=0x310, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x18a5, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x18a5, lpOverlapped=0x0) returned 1 [0072.612] FlushFileBuffers (hFile=0x310) returned 1 [0073.090] FlushFileBuffers (hFile=0x314) returned 1 [0073.092] CloseHandle (hObject=0x310) returned 1 [0073.092] CloseHandle (hObject=0x314) returned 1 [0073.093] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\3076\\eula.rtf")) returned 1 [0073.094] SetEvent (hEvent=0x28c) returned 1 [0073.094] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3076\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0073.094] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=14168) returned 1 [0073.094] CloseHandle (hObject=0x314) returned 1 [0073.094] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3076\\setupresources.dll")) returned 0x80 [0073.094] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3076\\setupresources.dll")) returned 0x80 [0073.094] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\3076\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0073.094] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3076\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0073.095] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0073.095] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0073.095] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\3076\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0073.095] ReadFile (in: hFile=0x314, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x3758, lpOverlapped=0x0) returned 1 [0073.097] WriteFile (in: hFile=0x310, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x3760, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x3760, lpOverlapped=0x0) returned 1 [0073.098] WriteFile (in: hFile=0x310, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0073.098] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0073.098] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0073.098] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x3758, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x3758, lpOverlapped=0x0) returned 1 [0073.098] FlushFileBuffers (hFile=0x314) returned 1 [0074.229] FlushFileBuffers (hFile=0x310) returned 1 [0074.232] CloseHandle (hObject=0x314) returned 1 [0074.233] CloseHandle (hObject=0x310) returned 1 [0074.234] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3076\\setupresources.dll")) returned 1 [0074.236] SetEvent (hEvent=0x28c) returned 1 [0074.236] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3082\\setupresources.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0074.236] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=18776) returned 1 [0074.236] CloseHandle (hObject=0x310) returned 1 [0074.236] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3082\\setupresources.dll")) returned 0x80 [0074.236] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3082\\setupresources.dll")) returned 0x80 [0074.236] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\3082\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0074.236] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3082\\setupresources.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0074.237] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0074.237] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0074.237] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\SetupResources.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\3082\\setupresources.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0074.237] ReadFile (in: hFile=0x310, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x4958, lpOverlapped=0x0) returned 1 [0074.239] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4960, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x4960, lpOverlapped=0x0) returned 1 [0074.241] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0074.241] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0074.241] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0074.241] WriteFile (in: hFile=0x310, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x4958, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x4958, lpOverlapped=0x0) returned 1 [0074.241] FlushFileBuffers (hFile=0x310) returned 1 [0074.361] FlushFileBuffers (hFile=0x314) returned 1 [0074.363] CloseHandle (hObject=0x310) returned 1 [0074.364] CloseHandle (hObject=0x314) returned 1 [0074.366] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3082\\SetupResources.dll" (normalized: "c:\\588bce7c90097ed212\\3082\\setupresources.dll")) returned 1 [0074.367] SetEvent (hEvent=0x28c) returned 1 [0074.367] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0074.368] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=39042) returned 1 [0074.368] CloseHandle (hObject=0x314) returned 1 [0074.375] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml")) returned 0x80 [0074.375] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml")) returned 0x80 [0074.375] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\UiInfo.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0074.375] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0074.376] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0074.376] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0074.376] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\UiInfo.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0074.389] ReadFile (in: hFile=0x314, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x9882, lpOverlapped=0x0) returned 1 [0074.394] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x9890, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x9890, lpOverlapped=0x0) returned 1 [0074.396] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0074.396] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0074.396] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0074.396] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x9882, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x9882, lpOverlapped=0x0) returned 1 [0074.396] FlushFileBuffers (hFile=0x314) returned 1 [0074.402] FlushFileBuffers (hFile=0x328) returned 1 [0074.403] CloseHandle (hObject=0x314) returned 1 [0074.404] CloseHandle (hObject=0x328) returned 1 [0074.405] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Client\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\client\\uiinfo.xml")) returned 1 [0074.407] SetEvent (hEvent=0x28c) returned 1 [0074.407] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DisplayIcon.ico" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0074.407] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=88533) returned 1 [0074.407] CloseHandle (hObject=0x328) returned 1 [0074.407] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DisplayIcon.ico" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico")) returned 0x80 [0074.407] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DisplayIcon.ico" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico")) returned 0x80 [0074.407] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DisplayIcon.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0074.407] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DisplayIcon.ico" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0074.407] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0074.407] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0074.408] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DisplayIcon.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0074.408] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x159d5, lpOverlapped=0x0) returned 1 [0074.410] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x159e0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x159e0, lpOverlapped=0x0) returned 1 [0074.413] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0074.413] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0074.413] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0074.413] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x159d5, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x159d5, lpOverlapped=0x0) returned 1 [0074.413] FlushFileBuffers (hFile=0x328) returned 1 [0075.295] FlushFileBuffers (hFile=0x314) returned 1 [0075.297] CloseHandle (hObject=0x328) returned 1 [0075.299] CloseHandle (hObject=0x314) returned 1 [0075.302] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\DisplayIcon.ico" (normalized: "c:\\588bce7c90097ed212\\displayicon.ico")) returned 1 [0075.303] SetEvent (hEvent=0x28c) returned 1 [0075.304] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0075.304] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=39050) returned 1 [0075.304] CloseHandle (hObject=0x314) returned 1 [0075.304] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml")) returned 0x80 [0075.304] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml")) returned 0x80 [0075.304] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\UiInfo.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.304] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0075.304] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0075.304] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0075.304] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\UiInfo.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0075.306] ReadFile (in: hFile=0x314, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x988a, lpOverlapped=0x0) returned 1 [0075.308] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x9890, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x9890, lpOverlapped=0x0) returned 1 [0075.310] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0075.310] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0075.310] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0075.310] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x988a, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x988a, lpOverlapped=0x0) returned 1 [0075.311] FlushFileBuffers (hFile=0x314) returned 1 [0075.780] FlushFileBuffers (hFile=0x328) returned 1 [0075.782] CloseHandle (hObject=0x314) returned 1 [0075.784] CloseHandle (hObject=0x328) returned 1 [0075.785] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Extended\\UiInfo.xml" (normalized: "c:\\588bce7c90097ed212\\extended\\uiinfo.xml")) returned 1 [0075.787] SetEvent (hEvent=0x28c) returned 1 [0075.787] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0075.787] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=894) returned 1 [0075.787] CloseHandle (hObject=0x328) returned 1 [0075.787] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico")) returned 0x80 [0075.787] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico")) returned 0x80 [0075.787] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.787] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0075.787] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0075.787] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0075.788] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0075.788] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x37e, lpOverlapped=0x0) returned 1 [0075.789] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x380, lpOverlapped=0x0) returned 1 [0075.791] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0075.791] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0075.791] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0075.791] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x37e, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x37e, lpOverlapped=0x0) returned 1 [0075.791] FlushFileBuffers (hFile=0x328) returned 1 [0075.801] FlushFileBuffers (hFile=0x314) returned 1 [0075.911] CloseHandle (hObject=0x328) returned 1 [0075.912] CloseHandle (hObject=0x314) returned 1 [0075.913] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate1.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate1.ico")) returned 1 [0075.914] SetEvent (hEvent=0x28c) returned 1 [0075.915] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0075.915] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=894) returned 1 [0075.915] CloseHandle (hObject=0x314) returned 1 [0075.915] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico")) returned 0x80 [0075.915] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico")) returned 0x80 [0075.915] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0075.915] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0075.915] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0075.916] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0075.916] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0075.916] ReadFile (in: hFile=0x314, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x37e, lpOverlapped=0x0) returned 1 [0075.918] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x380, lpOverlapped=0x0) returned 1 [0075.919] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0075.919] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0075.919] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0075.919] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x37e, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x37e, lpOverlapped=0x0) returned 1 [0075.919] FlushFileBuffers (hFile=0x314) returned 1 [0076.428] FlushFileBuffers (hFile=0x328) returned 1 [0076.430] CloseHandle (hObject=0x314) returned 1 [0076.430] CloseHandle (hObject=0x328) returned 1 [0076.431] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate3.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate3.ico")) returned 1 [0076.432] SetEvent (hEvent=0x28c) returned 1 [0076.432] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0076.433] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=894) returned 1 [0076.433] CloseHandle (hObject=0x328) returned 1 [0076.433] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico")) returned 0x80 [0076.433] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico")) returned 0x80 [0076.433] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0076.433] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0076.433] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0076.433] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0076.433] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0076.433] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x37e, lpOverlapped=0x0) returned 1 [0076.435] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x380, lpOverlapped=0x0) returned 1 [0076.436] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0076.436] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0076.436] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0076.436] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x37e, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x37e, lpOverlapped=0x0) returned 1 [0076.436] FlushFileBuffers (hFile=0x328) returned 1 [0076.438] FlushFileBuffers (hFile=0x314) returned 1 [0076.443] CloseHandle (hObject=0x328) returned 1 [0076.444] CloseHandle (hObject=0x314) returned 1 [0076.444] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate5.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate5.ico")) returned 1 [0076.445] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0076.445] GetFileSizeEx (in: hFile=0x314, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=894) returned 1 [0076.445] CloseHandle (hObject=0x314) returned 1 [0076.446] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico")) returned 0x80 [0076.446] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico")) returned 0x80 [0076.446] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0076.446] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x314 [0076.446] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0076.446] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0076.446] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x328 [0076.446] ReadFile (in: hFile=0x314, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x37e, lpOverlapped=0x0) returned 1 [0076.456] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x380, lpOverlapped=0x0) returned 1 [0076.457] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0076.457] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0076.457] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0076.457] WriteFile (in: hFile=0x314, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x37e, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x37e, lpOverlapped=0x0) returned 1 [0076.457] FlushFileBuffers (hFile=0x314) returned 1 [0076.460] FlushFileBuffers (hFile=0x328) returned 1 [0076.464] CloseHandle (hObject=0x314) returned 1 [0076.465] CloseHandle (hObject=0x328) returned 1 [0076.465] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Rotate7.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\rotate7.ico")) returned 1 [0076.467] SetEvent (hEvent=0x28c) returned 1 [0076.467] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Save.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0076.470] GetFileSizeEx (in: hFile=0x2bc, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=1150) returned 1 [0076.470] CloseHandle (hObject=0x2bc) returned 1 [0076.470] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Save.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico")) returned 0x80 [0076.470] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Save.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico")) returned 0x80 [0076.470] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Save.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0076.473] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Save.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0076.474] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0076.474] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0076.474] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Save.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0076.475] ReadFile (in: hFile=0x310, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x47e, lpOverlapped=0x0) returned 1 [0076.477] WriteFile (in: hFile=0x308, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x480, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x480, lpOverlapped=0x0) returned 1 [0076.478] WriteFile (in: hFile=0x308, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0076.478] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0076.478] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0076.478] WriteFile (in: hFile=0x310, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x47e, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x47e, lpOverlapped=0x0) returned 1 [0076.478] FlushFileBuffers (hFile=0x310) returned 1 [0076.489] FlushFileBuffers (hFile=0x308) returned 1 [0076.492] CloseHandle (hObject=0x310) returned 1 [0076.492] CloseHandle (hObject=0x308) returned 1 [0076.493] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\Save.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\save.ico")) returned 1 [0076.494] SetEvent (hEvent=0x28c) returned 1 [0076.494] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\stop.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x308 [0076.494] GetFileSizeEx (in: hFile=0x308, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=10134) returned 1 [0076.494] CloseHandle (hObject=0x308) returned 1 [0076.494] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\stop.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico")) returned 0x80 [0076.494] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\stop.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico")) returned 0x80 [0076.494] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\stop.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0076.494] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\stop.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x308 [0076.494] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0076.494] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0076.494] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\stop.ico.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0076.495] ReadFile (in: hFile=0x308, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x2796, lpOverlapped=0x0) returned 1 [0076.496] WriteFile (in: hFile=0x310, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x27a0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x27a0, lpOverlapped=0x0) returned 1 [0076.497] WriteFile (in: hFile=0x310, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0076.497] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0076.498] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0076.498] WriteFile (in: hFile=0x308, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x2796, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x2796, lpOverlapped=0x0) returned 1 [0076.498] FlushFileBuffers (hFile=0x308) returned 1 [0076.597] FlushFileBuffers (hFile=0x310) returned 1 [0076.600] CloseHandle (hObject=0x308) returned 1 [0076.600] CloseHandle (hObject=0x310) returned 1 [0076.601] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Graphics\\stop.ico" (normalized: "c:\\588bce7c90097ed212\\graphics\\stop.ico")) returned 1 [0076.602] SetEvent (hEvent=0x28c) returned 1 [0076.602] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core.mzz" (normalized: "c:\\588bce7c90097ed212\\netfx_core.mzz"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0076.603] GetFileSizeEx (in: hFile=0x310, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=181483595) returned 1 [0076.603] CloseHandle (hObject=0x310) returned 1 [0076.607] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core.mzz" (normalized: "c:\\588bce7c90097ed212\\netfx_core.mzz")) returned 0x80 [0076.607] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core.mzz" (normalized: "c:\\588bce7c90097ed212\\netfx_core.mzz"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core.mzz.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\netfx_core.mzz.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 1 [0076.607] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Core.mzz.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\netfx_core.mzz.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x310 [0076.608] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0076.608] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0076.608] ReadFile (in: hFile=0x310, lpBuffer=0x4d88058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4d88058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0076.616] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x39b12c3, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0076.616] ReadFile (in: hFile=0x310, lpBuffer=0x4dc8058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4dc8058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0076.621] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0xacd384b, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0076.621] ReadFile (in: hFile=0x310, lpBuffer=0x4e08058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4e08058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0076.635] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe80 | out: lpNewFilePointer=0x0) returned 1 [0076.635] WriteFile (in: hFile=0x310, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x10afe78, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe78*=0xc0112, lpOverlapped=0x0) returned 1 [0076.649] SetEndOfFile (hFile=0x310) returned 1 [0076.649] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0xacd384b, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0076.649] WriteFile (in: hFile=0x310, lpBuffer=0x4e4814a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4814a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0077.050] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x39b12c3, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0077.050] WriteFile (in: hFile=0x310, lpBuffer=0x4e4814a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4814a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0077.051] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0077.051] WriteFile (in: hFile=0x310, lpBuffer=0x4e4814a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4814a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0077.052] FlushFileBuffers (hFile=0x310) returned 1 [0077.092] CloseHandle (hObject=0x310) returned 1 [0079.425] SetEvent (hEvent=0x28c) returned 1 [0079.426] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended.mzz" (normalized: "c:\\588bce7c90097ed212\\netfx_extended.mzz"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0079.426] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=43131591) returned 1 [0079.426] CloseHandle (hObject=0x330) returned 1 [0079.426] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended.mzz" (normalized: "c:\\588bce7c90097ed212\\netfx_extended.mzz")) returned 0x20 [0079.426] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended.mzz" (normalized: "c:\\588bce7c90097ed212\\netfx_extended.mzz"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended.mzz.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\netfx_extended.mzz.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 1 [0079.427] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\netfx_Extended.mzz.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\netfx_extended.mzz.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0079.427] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0079.427] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0079.427] ReadFile (in: hFile=0x330, lpBuffer=0x4d88058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4d88058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0079.432] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0xdb60ed, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0079.433] ReadFile (in: hFile=0x330, lpBuffer=0x4dc8058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4dc8058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0079.435] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x28e22c7, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0079.435] ReadFile (in: hFile=0x330, lpBuffer=0x4e08058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4e08058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0079.451] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe80 | out: lpNewFilePointer=0x0) returned 1 [0079.451] WriteFile (in: hFile=0x330, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xc0112, lpNumberOfBytesWritten=0x10afe78, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe78*=0xc0112, lpOverlapped=0x0) returned 1 [0079.760] SetEndOfFile (hFile=0x330) returned 1 [0079.760] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x28e22c7, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0079.760] WriteFile (in: hFile=0x330, lpBuffer=0x4e4814a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4814a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0079.761] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0xdb60ed, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0079.761] WriteFile (in: hFile=0x330, lpBuffer=0x4e4814a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4814a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0079.762] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0079.762] WriteFile (in: hFile=0x330, lpBuffer=0x4e4814a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4814a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0079.763] FlushFileBuffers (hFile=0x330) returned 1 [0080.056] CloseHandle (hObject=0x330) returned 1 [0081.592] SetEvent (hEvent=0x28c) returned 1 [0081.593] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\ParameterInfo.xml" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0081.594] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=272046) returned 1 [0081.594] CloseHandle (hObject=0x330) returned 1 [0081.594] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\ParameterInfo.xml" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml")) returned 0x80 [0081.594] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\ParameterInfo.xml" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml")) returned 0x80 [0081.594] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\ParameterInfo.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0081.594] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\ParameterInfo.xml" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0081.594] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0081.594] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0081.594] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\ParameterInfo.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0081.594] ReadFile (in: hFile=0x330, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x426ae, lpOverlapped=0x0) returned 1 [0081.600] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x426b0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x426b0, lpOverlapped=0x0) returned 1 [0081.606] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0081.606] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0081.606] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0081.606] WriteFile (in: hFile=0x330, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x426ae, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x426ae, lpOverlapped=0x0) returned 1 [0081.607] FlushFileBuffers (hFile=0x330) returned 1 [0081.610] FlushFileBuffers (hFile=0x21c) returned 1 [0081.618] CloseHandle (hObject=0x330) returned 1 [0081.623] CloseHandle (hObject=0x21c) returned 1 [0081.628] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\ParameterInfo.xml" (normalized: "c:\\588bce7c90097ed212\\parameterinfo.xml")) returned 1 [0081.632] SetEvent (hEvent=0x28c) returned 1 [0081.632] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\RGB9RAST_x64.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x64.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0081.632] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=184832) returned 1 [0081.632] CloseHandle (hObject=0x21c) returned 1 [0081.632] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\RGB9RAST_x64.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x64.msi")) returned 0x80 [0081.632] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\RGB9RAST_x64.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x64.msi")) returned 0x80 [0081.632] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\RGB9RAST_x64.msi.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x64.msi.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0081.632] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\RGB9RAST_x64.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0081.632] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0081.633] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0081.633] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\RGB9RAST_x64.msi.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x64.msi.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x330 [0081.633] ReadFile (in: hFile=0x21c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x2d200, lpOverlapped=0x0) returned 1 [0081.660] WriteFile (in: hFile=0x330, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x2d210, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x2d210, lpOverlapped=0x0) returned 1 [0081.663] WriteFile (in: hFile=0x330, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0081.663] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0081.664] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0081.664] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x2d200, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x2d200, lpOverlapped=0x0) returned 1 [0081.664] FlushFileBuffers (hFile=0x21c) returned 1 [0081.704] FlushFileBuffers (hFile=0x330) returned 1 [0081.706] CloseHandle (hObject=0x21c) returned 1 [0081.710] CloseHandle (hObject=0x330) returned 1 [0081.714] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\RGB9RAST_x64.msi" (normalized: "c:\\588bce7c90097ed212\\rgb9rast_x64.msi")) returned 1 [0081.716] SetEvent (hEvent=0x28c) returned 1 [0081.716] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Setup.exe" (normalized: "c:\\588bce7c90097ed212\\setup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0081.716] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=78152) returned 1 [0081.716] CloseHandle (hObject=0x330) returned 1 [0081.717] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Setup.exe" (normalized: "c:\\588bce7c90097ed212\\setup.exe")) returned 0x80 [0081.717] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Setup.exe" (normalized: "c:\\588bce7c90097ed212\\setup.exe")) returned 0x80 [0081.717] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Setup.exe.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\setup.exe.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0081.717] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Setup.exe" (normalized: "c:\\588bce7c90097ed212\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0081.717] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0081.717] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0081.717] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Setup.exe.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\setup.exe.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0081.717] ReadFile (in: hFile=0x330, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x13148, lpOverlapped=0x0) returned 1 [0081.721] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x13150, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x13150, lpOverlapped=0x0) returned 1 [0081.723] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0081.723] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0081.724] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0081.724] WriteFile (in: hFile=0x330, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x13148, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x13148, lpOverlapped=0x0) returned 1 [0081.724] FlushFileBuffers (hFile=0x330) returned 1 [0081.774] FlushFileBuffers (hFile=0x21c) returned 1 [0081.775] CloseHandle (hObject=0x330) returned 1 [0081.778] CloseHandle (hObject=0x21c) returned 1 [0081.780] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Setup.exe" (normalized: "c:\\588bce7c90097ed212\\setup.exe")) returned 1 [0081.781] SetEvent (hEvent=0x28c) returned 1 [0081.781] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.dll" (normalized: "c:\\588bce7c90097ed212\\setupui.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0081.782] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=295248) returned 1 [0081.782] CloseHandle (hObject=0x21c) returned 1 [0081.782] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.dll" (normalized: "c:\\588bce7c90097ed212\\setupui.dll")) returned 0x80 [0081.782] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.dll" (normalized: "c:\\588bce7c90097ed212\\setupui.dll")) returned 0x80 [0081.782] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\setupui.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0081.782] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.dll" (normalized: "c:\\588bce7c90097ed212\\setupui.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0081.782] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0081.782] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0081.782] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\setupui.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x330 [0081.782] ReadFile (in: hFile=0x21c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x48150, lpOverlapped=0x0) returned 1 [0081.788] WriteFile (in: hFile=0x330, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x48160, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x48160, lpOverlapped=0x0) returned 1 [0081.794] WriteFile (in: hFile=0x330, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0081.794] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0081.794] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0081.794] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x48150, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x48150, lpOverlapped=0x0) returned 1 [0081.795] FlushFileBuffers (hFile=0x21c) returned 1 [0082.037] FlushFileBuffers (hFile=0x330) returned 1 [0082.041] CloseHandle (hObject=0x21c) returned 1 [0082.048] CloseHandle (hObject=0x330) returned 1 [0082.055] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.dll" (normalized: "c:\\588bce7c90097ed212\\setupui.dll")) returned 1 [0082.059] SetEvent (hEvent=0x28c) returned 1 [0082.059] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.xsd" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0082.060] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=30120) returned 1 [0082.060] CloseHandle (hObject=0x330) returned 1 [0082.060] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.xsd" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd")) returned 0x80 [0082.060] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.xsd" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd")) returned 0x80 [0082.060] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.xsd.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0082.060] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.xsd" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0082.060] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0082.061] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0082.061] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.xsd.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0082.062] ReadFile (in: hFile=0x330, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x75a8, lpOverlapped=0x0) returned 1 [0082.064] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x75b0, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x75b0, lpOverlapped=0x0) returned 1 [0082.066] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0082.066] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0082.066] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0082.066] WriteFile (in: hFile=0x330, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x75a8, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x75a8, lpOverlapped=0x0) returned 1 [0082.067] FlushFileBuffers (hFile=0x330) returned 1 [0082.071] FlushFileBuffers (hFile=0x21c) returned 1 [0082.073] CloseHandle (hObject=0x330) returned 1 [0082.074] CloseHandle (hObject=0x21c) returned 1 [0082.076] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUi.xsd" (normalized: "c:\\588bce7c90097ed212\\setupui.xsd")) returned 1 [0082.078] SetEvent (hEvent=0x28c) returned 1 [0082.078] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUtility.exe" (normalized: "c:\\588bce7c90097ed212\\setuputility.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0082.078] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=96088) returned 1 [0082.078] CloseHandle (hObject=0x21c) returned 1 [0082.078] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUtility.exe" (normalized: "c:\\588bce7c90097ed212\\setuputility.exe")) returned 0x80 [0082.078] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUtility.exe" (normalized: "c:\\588bce7c90097ed212\\setuputility.exe")) returned 0x80 [0082.079] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUtility.exe.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\setuputility.exe.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0082.079] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUtility.exe" (normalized: "c:\\588bce7c90097ed212\\setuputility.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0082.079] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0082.079] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0082.079] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUtility.exe.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\setuputility.exe.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x330 [0082.079] ReadFile (in: hFile=0x21c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x17758, lpOverlapped=0x0) returned 1 [0082.082] WriteFile (in: hFile=0x330, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x17760, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x17760, lpOverlapped=0x0) returned 1 [0082.085] WriteFile (in: hFile=0x330, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0082.085] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0082.085] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0082.086] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x17758, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x17758, lpOverlapped=0x0) returned 1 [0082.086] FlushFileBuffers (hFile=0x21c) returned 1 [0082.264] FlushFileBuffers (hFile=0x330) returned 1 [0082.265] CloseHandle (hObject=0x21c) returned 1 [0082.267] CloseHandle (hObject=0x330) returned 1 [0082.270] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\SetupUtility.exe" (normalized: "c:\\588bce7c90097ed212\\setuputility.exe")) returned 1 [0082.271] SetEvent (hEvent=0x28c) returned 1 [0082.271] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\sqmapi.dll" (normalized: "c:\\588bce7c90097ed212\\sqmapi.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0082.271] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=144416) returned 1 [0082.271] CloseHandle (hObject=0x330) returned 1 [0082.271] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\sqmapi.dll" (normalized: "c:\\588bce7c90097ed212\\sqmapi.dll")) returned 0x80 [0082.272] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\sqmapi.dll" (normalized: "c:\\588bce7c90097ed212\\sqmapi.dll")) returned 0x80 [0082.272] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\sqmapi.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\sqmapi.dll.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0082.272] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\sqmapi.dll" (normalized: "c:\\588bce7c90097ed212\\sqmapi.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0082.272] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0082.272] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0082.272] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\sqmapi.dll.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\sqmapi.dll.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0082.272] ReadFile (in: hFile=0x330, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x23420, lpOverlapped=0x0) returned 1 [0082.275] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x23430, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x23430, lpOverlapped=0x0) returned 1 [0082.278] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0082.278] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0082.278] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0082.278] WriteFile (in: hFile=0x330, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x23420, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x23420, lpOverlapped=0x0) returned 1 [0082.279] FlushFileBuffers (hFile=0x330) returned 1 [0082.448] FlushFileBuffers (hFile=0x21c) returned 1 [0082.449] CloseHandle (hObject=0x330) returned 1 [0082.454] CloseHandle (hObject=0x21c) returned 1 [0082.458] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\sqmapi.dll" (normalized: "c:\\588bce7c90097ed212\\sqmapi.dll")) returned 1 [0082.460] SetEvent (hEvent=0x28c) returned 1 [0082.460] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Strings.xml" (normalized: "c:\\588bce7c90097ed212\\strings.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0082.461] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=14084) returned 1 [0082.461] CloseHandle (hObject=0x21c) returned 1 [0082.461] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Strings.xml" (normalized: "c:\\588bce7c90097ed212\\strings.xml")) returned 0x80 [0082.461] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Strings.xml" (normalized: "c:\\588bce7c90097ed212\\strings.xml")) returned 0x80 [0082.461] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Strings.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\strings.xml.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0082.461] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Strings.xml" (normalized: "c:\\588bce7c90097ed212\\strings.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0082.461] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0082.461] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0082.462] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Strings.xml.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\strings.xml.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x330 [0082.462] ReadFile (in: hFile=0x21c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x3704, lpOverlapped=0x0) returned 1 [0082.464] WriteFile (in: hFile=0x330, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x3710, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x3710, lpOverlapped=0x0) returned 1 [0082.467] WriteFile (in: hFile=0x330, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0082.479] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0082.479] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0082.479] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x3704, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x3704, lpOverlapped=0x0) returned 1 [0082.482] FlushFileBuffers (hFile=0x21c) returned 1 [0082.728] FlushFileBuffers (hFile=0x330) returned 1 [0082.732] CloseHandle (hObject=0x21c) returned 1 [0082.735] CloseHandle (hObject=0x330) returned 1 [0082.736] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Strings.xml" (normalized: "c:\\588bce7c90097ed212\\strings.xml")) returned 1 [0082.737] SetEvent (hEvent=0x28c) returned 1 [0082.737] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\watermark.bmp" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0082.737] GetFileSizeEx (in: hFile=0x330, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=104072) returned 1 [0082.738] CloseHandle (hObject=0x330) returned 1 [0082.738] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\watermark.bmp" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp")) returned 0x80 [0082.738] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\watermark.bmp" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp")) returned 0x80 [0082.738] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\watermark.bmp.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0082.738] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\watermark.bmp" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x330 [0082.738] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0082.738] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0082.738] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\watermark.bmp.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0082.738] ReadFile (in: hFile=0x330, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x19688, lpOverlapped=0x0) returned 1 [0082.743] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x19690, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x19690, lpOverlapped=0x0) returned 1 [0082.746] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0082.746] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0082.746] SetFilePointerEx (in: hFile=0x330, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0082.746] WriteFile (in: hFile=0x330, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x19688, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x19688, lpOverlapped=0x0) returned 1 [0082.746] FlushFileBuffers (hFile=0x330) returned 1 [0082.813] FlushFileBuffers (hFile=0x21c) returned 1 [0082.815] CloseHandle (hObject=0x330) returned 1 [0082.818] CloseHandle (hObject=0x21c) returned 1 [0082.821] DeleteFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\watermark.bmp" (normalized: "c:\\588bce7c90097ed212\\watermark.bmp")) returned 1 [0082.822] SetEvent (hEvent=0x28c) returned 1 [0082.822] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x86.msu"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0082.823] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=2192672) returned 1 [0082.823] CloseHandle (hObject=0x21c) returned 1 [0082.823] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x86.msu")) returned 0x80 [0082.823] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x86.msu"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x86.msu.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 1 [0082.823] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.0-KB956250-v6001-x86.msu.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\windows6.0-kb956250-v6001-x86.msu.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0082.823] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0082.824] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0082.824] ReadFile (in: hFile=0x21c, lpBuffer=0x4d88058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4d88058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0082.831] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0xb270a, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0082.831] ReadFile (in: hFile=0x21c, lpBuffer=0x4dc8058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4dc8058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0082.834] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x1d7520, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0082.834] ReadFile (in: hFile=0x21c, lpBuffer=0x4e08058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4e08058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0082.855] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe80 | out: lpNewFilePointer=0x0) returned 1 [0082.855] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xc0132, lpNumberOfBytesWritten=0x10afe78, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe78*=0xc0132, lpOverlapped=0x0) returned 1 [0083.389] SetEndOfFile (hFile=0x21c) returned 1 [0083.389] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x1d7520, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0083.389] WriteFile (in: hFile=0x21c, lpBuffer=0x4e4816a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4816a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0083.391] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0xb270a, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0083.391] WriteFile (in: hFile=0x21c, lpBuffer=0x4e4816a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4816a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0083.393] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0083.393] WriteFile (in: hFile=0x21c, lpBuffer=0x4e4816a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4816a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0083.394] FlushFileBuffers (hFile=0x21c) returned 1 [0083.551] CloseHandle (hObject=0x21c) returned 1 [0083.759] SetEvent (hEvent=0x28c) returned 1 [0083.760] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x64.msu"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0083.760] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=5091790) returned 1 [0083.760] CloseHandle (hObject=0x21c) returned 1 [0083.761] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x64.msu")) returned 0x80 [0083.761] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x64.msu"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x64.msu.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 1 [0083.761] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x64.msu.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x64.msu.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0083.761] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0083.761] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0083.761] ReadFile (in: hFile=0x21c, lpBuffer=0x4d88058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4d88058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0083.765] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x19e5ef, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0083.765] ReadFile (in: hFile=0x21c, lpBuffer=0x4dc8058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4dc8058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0083.768] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x49b1ce, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0083.768] ReadFile (in: hFile=0x21c, lpBuffer=0x4e08058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4e08058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0083.779] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe80 | out: lpNewFilePointer=0x0) returned 1 [0084.099] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xc0132, lpNumberOfBytesWritten=0x10afe78, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe78*=0xc0132, lpOverlapped=0x0) returned 1 [0084.121] SetEndOfFile (hFile=0x21c) returned 1 [0084.121] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x49b1ce, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0084.121] WriteFile (in: hFile=0x21c, lpBuffer=0x4e4816a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4816a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0084.123] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x19e5ef, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0084.123] WriteFile (in: hFile=0x21c, lpBuffer=0x4e4816a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4816a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0084.125] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0084.125] WriteFile (in: hFile=0x21c, lpBuffer=0x4e4816a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4816a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0084.126] FlushFileBuffers (hFile=0x21c) returned 1 [0084.135] CloseHandle (hObject=0x21c) returned 1 [0084.136] SetEvent (hEvent=0x28c) returned 1 [0084.136] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x86.msu"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0084.136] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=2141433) returned 1 [0084.136] CloseHandle (hObject=0x21c) returned 1 [0084.136] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x86.msu")) returned 0x80 [0084.136] MoveFileW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x86.msu"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x86.msu.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 1 [0084.137] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\Windows6.1-KB958488-v6001-x86.msu.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\588bce7c90097ed212\\windows6.1-kb958488-v6001-x86.msu.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0084.137] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0084.137] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0084.137] ReadFile (in: hFile=0x21c, lpBuffer=0x4d88058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4d88058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0084.141] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0xae453, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0084.141] ReadFile (in: hFile=0x21c, lpBuffer=0x4dc8058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4dc8058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0084.144] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x1cacf9, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0084.144] ReadFile (in: hFile=0x21c, lpBuffer=0x4e08058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4e08058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0084.180] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe80 | out: lpNewFilePointer=0x0) returned 1 [0084.180] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xc0132, lpNumberOfBytesWritten=0x10afe78, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe78*=0xc0132, lpOverlapped=0x0) returned 1 [0084.192] SetEndOfFile (hFile=0x21c) returned 1 [0084.421] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x1cacf9, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0084.421] WriteFile (in: hFile=0x21c, lpBuffer=0x4e4816a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4816a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0084.422] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0xae453, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0084.422] WriteFile (in: hFile=0x21c, lpBuffer=0x4e4816a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4816a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0084.424] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0084.424] WriteFile (in: hFile=0x21c, lpBuffer=0x4e4816a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4816a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0084.426] FlushFileBuffers (hFile=0x21c) returned 1 [0084.654] CloseHandle (hObject=0x21c) returned 1 [0084.654] SetEvent (hEvent=0x28c) returned 1 [0084.654] CreateFileW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0084.655] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=395226) returned 1 [0084.655] CloseHandle (hObject=0x21c) returned 1 [0084.655] GetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr")) returned 0x27 [0084.655] SetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr", dwFileAttributes=0x26) returned 0 [0084.656] GetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr")) returned 0x27 [0084.656] GetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\bootmgr.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.656] CreateFileW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.656] SetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr", dwFileAttributes=0x27) returned 0 [0084.656] SetEvent (hEvent=0x28c) returned 1 [0084.656] CreateFileW (lpFileName="\\\\?\\C:\\BOOTNXT" (normalized: "c:\\bootnxt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0084.659] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=1) returned 1 [0084.659] CloseHandle (hObject=0x21c) returned 1 [0084.659] GetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTNXT" (normalized: "c:\\bootnxt")) returned 0x26 [0084.659] GetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTNXT" (normalized: "c:\\bootnxt")) returned 0x26 [0084.659] GetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTNXT.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\bootnxt.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.659] CreateFileW (lpFileName="\\\\?\\C:\\BOOTNXT" (normalized: "c:\\bootnxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0084.659] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0084.659] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0084.659] CreateFileW (lpFileName="\\\\?\\C:\\BOOTNXT.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\bootnxt.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x26, hTemplateFile=0x0) returned 0x328 [0084.660] ReadFile (in: hFile=0x21c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x1, lpOverlapped=0x0) returned 1 [0084.661] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x10, lpOverlapped=0x0) returned 1 [0084.662] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xe2, lpOverlapped=0x0) returned 1 [0084.662] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0084.662] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0084.662] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x1, lpOverlapped=0x0) returned 1 [0084.662] FlushFileBuffers (hFile=0x21c) returned 1 [0084.730] FlushFileBuffers (hFile=0x328) returned 1 [0084.740] CloseHandle (hObject=0x21c) returned 1 [0084.740] CloseHandle (hObject=0x328) returned 1 [0084.740] DeleteFileW (lpFileName="\\\\?\\C:\\BOOTNXT" (normalized: "c:\\bootnxt")) returned 1 [0084.741] SetEvent (hEvent=0x28c) returned 1 [0084.741] CreateFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.741] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=8192) returned 1 [0084.742] CloseHandle (hObject=0x328) returned 1 [0084.742] GetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak")) returned 0x27 [0084.742] SetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK", dwFileAttributes=0x26) returned 1 [0084.742] GetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak")) returned 0x26 [0084.742] GetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\bootsect.bak.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.742] CreateFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.742] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0084.742] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0084.742] CreateFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\bootsect.bak.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x26, hTemplateFile=0x0) returned 0x21c [0084.743] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x2000, lpOverlapped=0x0) returned 1 [0084.747] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x2010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x2010, lpOverlapped=0x0) returned 1 [0084.748] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf2, lpOverlapped=0x0) returned 1 [0084.748] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0084.748] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0084.748] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x2000, lpOverlapped=0x0) returned 1 [0084.748] FlushFileBuffers (hFile=0x328) returned 1 [0084.889] FlushFileBuffers (hFile=0x21c) returned 1 [0084.890] CloseHandle (hObject=0x328) returned 1 [0084.890] CloseHandle (hObject=0x21c) returned 1 [0084.891] DeleteFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak")) returned 1 [0084.892] SetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK.id[B4197730-2275].[checkcheck07@qq.com].Adame", dwFileAttributes=0x27) returned 1 [0084.892] SetEvent (hEvent=0x28c) returned 1 [0084.892] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\HardwareEvents.evtx" (normalized: "c:\\logs\\hardwareevents.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0084.893] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0084.893] CloseHandle (hObject=0x21c) returned 1 [0084.893] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\HardwareEvents.evtx" (normalized: "c:\\logs\\hardwareevents.evtx")) returned 0x20 [0084.893] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\HardwareEvents.evtx" (normalized: "c:\\logs\\hardwareevents.evtx")) returned 0x20 [0084.893] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\HardwareEvents.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\hardwareevents.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.893] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\HardwareEvents.evtx" (normalized: "c:\\logs\\hardwareevents.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0084.893] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0084.893] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0084.893] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\HardwareEvents.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\hardwareevents.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x328 [0084.893] ReadFile (in: hFile=0x21c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0084.895] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0084.897] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0084.898] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0084.898] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0084.898] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0084.898] FlushFileBuffers (hFile=0x21c) returned 1 [0084.910] FlushFileBuffers (hFile=0x328) returned 1 [0084.911] CloseHandle (hObject=0x21c) returned 1 [0084.911] CloseHandle (hObject=0x328) returned 1 [0084.911] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\HardwareEvents.evtx" (normalized: "c:\\logs\\hardwareevents.evtx")) returned 1 [0084.913] SetEvent (hEvent=0x28c) returned 1 [0084.913] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Internet Explorer.evtx" (normalized: "c:\\logs\\internet explorer.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.913] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0084.913] CloseHandle (hObject=0x328) returned 1 [0084.913] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Internet Explorer.evtx" (normalized: "c:\\logs\\internet explorer.evtx")) returned 0x20 [0084.913] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Internet Explorer.evtx" (normalized: "c:\\logs\\internet explorer.evtx")) returned 0x20 [0084.913] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Internet Explorer.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\internet explorer.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0084.913] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Internet Explorer.evtx" (normalized: "c:\\logs\\internet explorer.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0084.913] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0084.914] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0084.914] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Internet Explorer.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\internet explorer.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x21c [0084.914] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0084.916] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0084.918] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x102, lpOverlapped=0x0) returned 1 [0084.918] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0084.918] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0084.918] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0084.918] FlushFileBuffers (hFile=0x328) returned 1 [0085.100] FlushFileBuffers (hFile=0x21c) returned 1 [0085.104] CloseHandle (hObject=0x328) returned 1 [0085.104] CloseHandle (hObject=0x21c) returned 1 [0085.105] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Internet Explorer.evtx" (normalized: "c:\\logs\\internet explorer.evtx")) returned 1 [0085.106] SetEvent (hEvent=0x28c) returned 1 [0085.106] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0085.106] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0085.106] CloseHandle (hObject=0x21c) returned 1 [0085.106] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx")) returned 0x20 [0085.107] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx")) returned 0x20 [0085.107] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.107] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0085.107] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0085.107] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0085.107] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x328 [0085.107] ReadFile (in: hFile=0x21c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0085.110] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0085.112] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x132, lpOverlapped=0x0) returned 1 [0085.112] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0085.112] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0085.112] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0085.112] FlushFileBuffers (hFile=0x21c) returned 1 [0085.120] FlushFileBuffers (hFile=0x328) returned 1 [0085.126] CloseHandle (hObject=0x21c) returned 1 [0085.126] CloseHandle (hObject=0x328) returned 1 [0085.126] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Client-Licensing-Platform%4Admin.evtx" (normalized: "c:\\logs\\microsoft-client-licensing-platform%4admin.evtx")) returned 1 [0085.127] SetEvent (hEvent=0x28c) returned 1 [0085.127] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0085.129] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=1052672) returned 1 [0085.129] CloseHandle (hObject=0x328) returned 1 [0085.129] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx")) returned 0x20 [0085.129] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx")) returned 0x20 [0085.129] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.129] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0085.129] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0085.129] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0085.129] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x21c [0085.129] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x101000, lpOverlapped=0x0) returned 1 [0085.171] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x101010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x101010, lpOverlapped=0x0) returned 1 [0085.461] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x162, lpOverlapped=0x0) returned 1 [0085.461] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0085.461] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0085.461] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x101000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x101000, lpOverlapped=0x0) returned 1 [0085.466] FlushFileBuffers (hFile=0x328) returned 1 [0085.472] FlushFileBuffers (hFile=0x21c) returned 1 [0085.554] CloseHandle (hObject=0x328) returned 1 [0085.555] CloseHandle (hObject=0x21c) returned 1 [0085.555] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-applicationresourcemanagementsystem%4operational.evtx")) returned 1 [0085.565] SetEvent (hEvent=0x28c) returned 1 [0085.565] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0085.566] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0085.566] CloseHandle (hObject=0x21c) returned 1 [0085.566] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx")) returned 0x20 [0085.566] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx")) returned 0x20 [0085.566] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.566] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0085.566] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0085.566] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0085.566] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x328 [0085.567] ReadFile (in: hFile=0x21c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0085.570] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0085.572] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x132, lpOverlapped=0x0) returned 1 [0085.572] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0085.572] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0085.572] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0085.572] FlushFileBuffers (hFile=0x21c) returned 1 [0085.584] FlushFileBuffers (hFile=0x328) returned 1 [0085.586] CloseHandle (hObject=0x21c) returned 1 [0085.586] CloseHandle (hObject=0x328) returned 1 [0085.587] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppModel-Runtime%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-appmodel-runtime%4admin.evtx")) returned 1 [0085.588] SetEvent (hEvent=0x28c) returned 1 [0085.588] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0085.591] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=1118208) returned 1 [0085.591] CloseHandle (hObject=0x328) returned 1 [0085.591] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx")) returned 0x20 [0085.592] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx")) returned 0x20 [0085.592] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0085.592] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0085.592] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0085.592] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0085.592] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x21c [0085.592] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x110100, lpOverlapped=0x0) returned 1 [0085.623] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x110100, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x110100, lpOverlapped=0x0) returned 1 [0085.788] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0xf00, lpOverlapped=0x0) returned 1 [0085.788] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xf10, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0xf10, lpOverlapped=0x0) returned 1 [0085.789] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x142, lpOverlapped=0x0) returned 1 [0085.789] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0085.789] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0085.789] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x110102, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x110102, lpOverlapped=0x0) returned 1 [0085.794] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xefe, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0xefe, lpOverlapped=0x0) returned 1 [0085.794] FlushFileBuffers (hFile=0x328) returned 1 [0085.800] FlushFileBuffers (hFile=0x21c) returned 1 [0085.804] CloseHandle (hObject=0x328) returned 1 [0085.804] CloseHandle (hObject=0x21c) returned 1 [0085.804] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppReadiness%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appreadiness%4operational.evtx")) returned 1 [0085.814] SetEvent (hEvent=0x28c) returned 1 [0085.814] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0085.814] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=2166784) returned 1 [0085.814] CloseHandle (hObject=0x21c) returned 1 [0085.815] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4operational.evtx")) returned 0x20 [0085.815] MoveFileW (lpExistingFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4operational.evtx"), lpNewFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 1 [0085.815] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-appxdeploymentserver%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0085.815] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0085.815] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0085.815] ReadFile (in: hFile=0x21c, lpBuffer=0x4d88058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4d88058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0085.820] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0xb0555, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0085.820] ReadFile (in: hFile=0x21c, lpBuffer=0x4dc8058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4dc8058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0085.822] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x1d1000, lpNewFilePointer=0x0, dwMoveMethod=0x10afd10 | out: lpNewFilePointer=0x0) returned 1 [0085.822] ReadFile (in: hFile=0x21c, lpBuffer=0x4e08058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x10afd1c, lpOverlapped=0x0 | out: lpBuffer=0x4e08058*, lpNumberOfBytesRead=0x10afd1c*=0x40000, lpOverlapped=0x0) returned 1 [0085.844] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe80 | out: lpNewFilePointer=0x0) returned 1 [0085.844] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0xc0162, lpNumberOfBytesWritten=0x10afe78, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe78*=0xc0162, lpOverlapped=0x0) returned 1 [0086.085] SetEndOfFile (hFile=0x21c) returned 1 [0086.085] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x1d1000, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0086.085] WriteFile (in: hFile=0x21c, lpBuffer=0x4e4819a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4819a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0086.087] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0xb0555, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0086.087] WriteFile (in: hFile=0x21c, lpBuffer=0x4e4819a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4819a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0086.090] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afd18 | out: lpNewFilePointer=0x0) returned 1 [0086.090] WriteFile (in: hFile=0x21c, lpBuffer=0x4e4819a*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x10afd24, lpOverlapped=0x0 | out: lpBuffer=0x4e4819a*, lpNumberOfBytesWritten=0x10afd24*=0x40000, lpOverlapped=0x0) returned 1 [0086.091] FlushFileBuffers (hFile=0x21c) returned 1 [0086.098] CloseHandle (hObject=0x21c) returned 1 [0086.098] SetEvent (hEvent=0x28c) returned 1 [0086.099] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0086.099] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0086.099] CloseHandle (hObject=0x21c) returned 1 [0086.099] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx")) returned 0x20 [0086.099] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx")) returned 0x20 [0086.099] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.100] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0086.100] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.100] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.100] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x328 [0086.101] ReadFile (in: hFile=0x21c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0086.106] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0086.108] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x142, lpOverlapped=0x0) returned 1 [0086.109] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.109] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.109] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0086.109] FlushFileBuffers (hFile=0x21c) returned 1 [0086.120] FlushFileBuffers (hFile=0x328) returned 1 [0086.128] CloseHandle (hObject=0x21c) returned 1 [0086.128] CloseHandle (hObject=0x328) returned 1 [0086.128] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx" (normalized: "c:\\logs\\microsoft-windows-crypto-dpapi%4backupkeysvc.evtx")) returned 1 [0086.130] SetEvent (hEvent=0x28c) returned 1 [0086.130] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0086.130] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=1052672) returned 1 [0086.130] CloseHandle (hObject=0x328) returned 1 [0086.130] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx")) returned 0x20 [0086.130] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx")) returned 0x20 [0086.131] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.131] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0086.131] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.131] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.131] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x21c [0086.131] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x101000, lpOverlapped=0x0) returned 1 [0086.185] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x101010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x101010, lpOverlapped=0x0) returned 1 [0086.488] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x172, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x172, lpOverlapped=0x0) returned 1 [0086.488] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.488] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.488] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x101000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x101000, lpOverlapped=0x0) returned 1 [0086.494] FlushFileBuffers (hFile=0x328) returned 1 [0086.502] FlushFileBuffers (hFile=0x21c) returned 1 [0086.504] CloseHandle (hObject=0x328) returned 1 [0086.504] CloseHandle (hObject=0x21c) returned 1 [0086.505] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-devicemanagement-enterprise-diagnostics-provider%4admin.evtx")) returned 1 [0086.514] SetEvent (hEvent=0x28c) returned 1 [0086.515] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0086.516] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0086.516] CloseHandle (hObject=0x21c) returned 1 [0086.516] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx")) returned 0x20 [0086.516] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx")) returned 0x20 [0086.516] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.516] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0086.516] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.516] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.516] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x328 [0086.516] ReadFile (in: hFile=0x21c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0086.519] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0086.520] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x132, lpOverlapped=0x0) returned 1 [0086.521] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.521] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.521] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0086.521] FlushFileBuffers (hFile=0x21c) returned 1 [0086.523] FlushFileBuffers (hFile=0x328) returned 1 [0086.525] CloseHandle (hObject=0x21c) returned 1 [0086.525] CloseHandle (hObject=0x328) returned 1 [0086.525] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-HotspotAuth%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-hotspotauth%4operational.evtx")) returned 1 [0086.527] SetEvent (hEvent=0x28c) returned 1 [0086.527] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0086.527] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0086.527] CloseHandle (hObject=0x328) returned 1 [0086.527] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx")) returned 0x20 [0086.527] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx")) returned 0x20 [0086.527] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.527] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0086.528] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.528] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.528] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x21c [0086.528] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0086.531] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0086.532] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x142, lpOverlapped=0x0) returned 1 [0086.533] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.533] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.533] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0086.533] FlushFileBuffers (hFile=0x328) returned 1 [0086.536] FlushFileBuffers (hFile=0x21c) returned 1 [0086.537] CloseHandle (hObject=0x328) returned 1 [0086.538] CloseHandle (hObject=0x21c) returned 1 [0086.538] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-hyper-v-guest-drivers%4admin.evtx")) returned 1 [0086.539] SetEvent (hEvent=0x28c) returned 1 [0086.539] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-International%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0086.540] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0086.540] CloseHandle (hObject=0x21c) returned 1 [0086.540] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-International%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx")) returned 0x20 [0086.540] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-International%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx")) returned 0x20 [0086.540] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-International%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.540] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-International%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0086.540] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.541] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.541] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-International%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x328 [0086.542] ReadFile (in: hFile=0x21c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0086.544] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0086.546] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x142, lpOverlapped=0x0) returned 1 [0086.546] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.546] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.546] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0086.546] FlushFileBuffers (hFile=0x21c) returned 1 [0086.579] FlushFileBuffers (hFile=0x328) returned 1 [0086.580] CloseHandle (hObject=0x21c) returned 1 [0086.580] CloseHandle (hObject=0x328) returned 1 [0086.581] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-International%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-international%4operational.evtx")) returned 1 [0086.582] SetEvent (hEvent=0x28c) returned 1 [0086.582] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0086.582] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0086.582] CloseHandle (hObject=0x328) returned 1 [0086.582] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx")) returned 0x20 [0086.583] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx")) returned 0x20 [0086.583] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.583] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0086.583] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.583] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.583] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x21c [0086.583] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0086.586] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0086.587] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x132, lpOverlapped=0x0) returned 1 [0086.588] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.588] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.588] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0086.588] FlushFileBuffers (hFile=0x328) returned 1 [0086.590] FlushFileBuffers (hFile=0x21c) returned 1 [0086.591] CloseHandle (hObject=0x328) returned 1 [0086.592] CloseHandle (hObject=0x21c) returned 1 [0086.592] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Boot%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-boot%4operational.evtx")) returned 1 [0086.593] SetEvent (hEvent=0x28c) returned 1 [0086.593] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0086.593] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0086.593] CloseHandle (hObject=0x21c) returned 1 [0086.594] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx")) returned 0x20 [0086.594] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx")) returned 0x20 [0086.594] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.594] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c [0086.594] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.594] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.594] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x328 [0086.594] ReadFile (in: hFile=0x21c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0086.596] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0086.598] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x142, lpOverlapped=0x0) returned 1 [0086.598] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.598] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.598] WriteFile (in: hFile=0x21c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0086.599] FlushFileBuffers (hFile=0x21c) returned 1 [0086.760] FlushFileBuffers (hFile=0x328) returned 1 [0086.803] CloseHandle (hObject=0x21c) returned 1 [0086.803] CloseHandle (hObject=0x328) returned 1 [0086.803] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-eventtracing%4admin.evtx")) returned 1 [0086.805] SetEvent (hEvent=0x28c) returned 1 [0086.805] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0086.805] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0086.805] CloseHandle (hObject=0x328) returned 1 [0086.805] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx")) returned 0x20 [0086.805] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx")) returned 0x20 [0086.805] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.806] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0086.806] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.806] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.806] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x354 [0086.807] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0086.809] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0086.812] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x152, lpOverlapped=0x0) returned 1 [0086.812] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.812] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.812] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0086.813] FlushFileBuffers (hFile=0x328) returned 1 [0086.831] FlushFileBuffers (hFile=0x354) returned 1 [0086.836] CloseHandle (hObject=0x328) returned 1 [0086.836] CloseHandle (hObject=0x354) returned 1 [0086.837] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-power%4thermal-operational.evtx")) returned 1 [0086.838] SetEvent (hEvent=0x28c) returned 1 [0086.838] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354 [0086.839] GetFileSizeEx (in: hFile=0x354, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0086.839] CloseHandle (hObject=0x354) returned 1 [0086.839] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx")) returned 0x20 [0086.839] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx")) returned 0x20 [0086.839] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.839] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354 [0086.839] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.839] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.839] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x328 [0086.839] ReadFile (in: hFile=0x354, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0086.843] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0086.845] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x142, lpOverlapped=0x0) returned 1 [0086.845] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.845] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.845] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0086.846] FlushFileBuffers (hFile=0x354) returned 1 [0086.849] FlushFileBuffers (hFile=0x328) returned 1 [0086.865] CloseHandle (hObject=0x354) returned 1 [0086.865] CloseHandle (hObject=0x328) returned 1 [0086.865] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-shimengine%4operational.evtx")) returned 1 [0086.867] SetEvent (hEvent=0x28c) returned 1 [0086.867] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0086.867] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0086.867] CloseHandle (hObject=0x328) returned 1 [0086.867] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx")) returned 0x20 [0086.867] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx")) returned 0x20 [0086.867] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.868] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0086.868] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.868] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.868] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x354 [0086.868] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0086.870] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0086.872] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x142, lpOverlapped=0x0) returned 1 [0086.872] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.872] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.873] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0086.873] FlushFileBuffers (hFile=0x328) returned 1 [0086.875] FlushFileBuffers (hFile=0x354) returned 1 [0086.877] CloseHandle (hObject=0x328) returned 1 [0086.877] CloseHandle (hObject=0x354) returned 1 [0086.891] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-storemgr%4operational.evtx")) returned 1 [0086.893] SetEvent (hEvent=0x28c) returned 1 [0086.893] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354 [0086.894] GetFileSizeEx (in: hFile=0x354, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0086.894] CloseHandle (hObject=0x354) returned 1 [0086.894] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx")) returned 0x20 [0086.894] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx")) returned 0x20 [0086.894] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0086.894] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354 [0086.895] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.895] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0086.895] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x328 [0086.895] ReadFile (in: hFile=0x354, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0086.897] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0086.899] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x132, lpOverlapped=0x0) returned 1 [0086.899] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.900] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0086.900] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0086.900] FlushFileBuffers (hFile=0x354) returned 1 [0087.086] FlushFileBuffers (hFile=0x328) returned 1 [0087.088] CloseHandle (hObject=0x354) returned 1 [0087.089] CloseHandle (hObject=0x328) returned 1 [0087.089] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Kernel-WHEA%4Errors.evtx" (normalized: "c:\\logs\\microsoft-windows-kernel-whea%4errors.evtx")) returned 1 [0087.090] SetEvent (hEvent=0x28c) returned 1 [0087.090] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0087.090] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0087.091] CloseHandle (hObject=0x328) returned 1 [0087.091] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx")) returned 0x20 [0087.091] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx")) returned 0x20 [0087.091] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.091] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0087.091] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.091] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.091] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x354 [0087.091] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0087.094] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0087.096] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x132, lpOverlapped=0x0) returned 1 [0087.096] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.096] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.096] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0087.096] FlushFileBuffers (hFile=0x328) returned 1 [0087.111] FlushFileBuffers (hFile=0x354) returned 1 [0087.113] CloseHandle (hObject=0x328) returned 1 [0087.113] CloseHandle (hObject=0x354) returned 1 [0087.114] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-LiveId%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-liveid%4operational.evtx")) returned 1 [0087.115] SetEvent (hEvent=0x28c) returned 1 [0087.115] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354 [0087.115] GetFileSizeEx (in: hFile=0x354, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0087.115] CloseHandle (hObject=0x354) returned 1 [0087.116] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx")) returned 0x20 [0087.116] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx")) returned 0x20 [0087.116] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.116] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354 [0087.116] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.116] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.116] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x328 [0087.116] ReadFile (in: hFile=0x354, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0087.119] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0087.121] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x122, lpOverlapped=0x0) returned 1 [0087.121] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.121] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.121] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0087.121] FlushFileBuffers (hFile=0x354) returned 1 [0087.123] FlushFileBuffers (hFile=0x328) returned 1 [0087.124] CloseHandle (hObject=0x354) returned 1 [0087.125] CloseHandle (hObject=0x328) returned 1 [0087.125] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Admin.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4admin.evtx")) returned 1 [0087.126] SetEvent (hEvent=0x28c) returned 1 [0087.126] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0087.127] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0087.127] CloseHandle (hObject=0x328) returned 1 [0087.127] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx")) returned 0x20 [0087.127] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx")) returned 0x20 [0087.127] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.127] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0087.127] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.127] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.127] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x354 [0087.128] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0087.131] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0087.133] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x122, lpOverlapped=0x0) returned 1 [0087.133] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.133] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.133] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0087.133] FlushFileBuffers (hFile=0x328) returned 1 [0087.136] FlushFileBuffers (hFile=0x354) returned 1 [0087.137] CloseHandle (hObject=0x328) returned 1 [0087.137] CloseHandle (hObject=0x354) returned 1 [0087.137] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-MUI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-mui%4operational.evtx")) returned 1 [0087.139] SetEvent (hEvent=0x28c) returned 1 [0087.139] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354 [0087.139] GetFileSizeEx (in: hFile=0x354, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0087.139] CloseHandle (hObject=0x354) returned 1 [0087.139] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx")) returned 0x20 [0087.139] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx")) returned 0x20 [0087.139] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.139] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354 [0087.139] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.139] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.139] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x328 [0087.140] ReadFile (in: hFile=0x354, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0087.142] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0087.144] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x132, lpOverlapped=0x0) returned 1 [0087.144] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.144] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.144] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0087.144] FlushFileBuffers (hFile=0x354) returned 1 [0087.163] FlushFileBuffers (hFile=0x328) returned 1 [0087.164] CloseHandle (hObject=0x354) returned 1 [0087.164] CloseHandle (hObject=0x328) returned 1 [0087.164] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NCSI%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ncsi%4operational.evtx")) returned 1 [0087.166] SetEvent (hEvent=0x28c) returned 1 [0087.166] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0087.166] GetFileSizeEx (in: hFile=0x328, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0087.166] CloseHandle (hObject=0x328) returned 1 [0087.166] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx")) returned 0x20 [0087.166] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx")) returned 0x20 [0087.166] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.166] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0087.167] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.167] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.167] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x354 [0087.167] ReadFile (in: hFile=0x328, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0087.169] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0087.171] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x142, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x142, lpOverlapped=0x0) returned 1 [0087.171] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.171] SetFilePointerEx (in: hFile=0x328, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.171] WriteFile (in: hFile=0x328, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0087.172] FlushFileBuffers (hFile=0x328) returned 1 [0087.174] FlushFileBuffers (hFile=0x354) returned 1 [0087.175] CloseHandle (hObject=0x328) returned 1 [0087.176] CloseHandle (hObject=0x354) returned 1 [0087.176] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-NetworkProfile%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-networkprofile%4operational.evtx")) returned 1 [0087.177] SetEvent (hEvent=0x28c) returned 1 [0087.177] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x35c [0087.178] GetFileSizeEx (in: hFile=0x35c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0087.178] CloseHandle (hObject=0x35c) returned 1 [0087.178] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx")) returned 0x20 [0087.179] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx")) returned 0x20 [0087.179] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.179] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x35c [0087.179] SetFilePointerEx (in: hFile=0x35c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.179] SetFilePointerEx (in: hFile=0x35c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.179] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x354 [0087.180] ReadFile (in: hFile=0x35c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0087.182] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0087.183] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x132, lpOverlapped=0x0) returned 1 [0087.184] SetFilePointerEx (in: hFile=0x35c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.184] SetFilePointerEx (in: hFile=0x35c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.184] WriteFile (in: hFile=0x35c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0087.184] FlushFileBuffers (hFile=0x35c) returned 1 [0087.188] FlushFileBuffers (hFile=0x354) returned 1 [0087.190] CloseHandle (hObject=0x35c) returned 1 [0087.190] CloseHandle (hObject=0x354) returned 1 [0087.190] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4operational.evtx")) returned 1 [0087.191] SetEvent (hEvent=0x28c) returned 1 [0087.191] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354 [0087.192] GetFileSizeEx (in: hFile=0x354, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0087.192] CloseHandle (hObject=0x354) returned 1 [0087.192] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx")) returned 0x20 [0087.192] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx")) returned 0x20 [0087.192] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.192] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354 [0087.192] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.192] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.192] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x35c [0087.193] ReadFile (in: hFile=0x354, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0087.195] WriteFile (in: hFile=0x35c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0087.197] WriteFile (in: hFile=0x35c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x122, lpOverlapped=0x0) returned 1 [0087.197] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.197] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.197] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0087.198] FlushFileBuffers (hFile=0x354) returned 1 [0087.337] FlushFileBuffers (hFile=0x35c) returned 1 [0087.347] CloseHandle (hObject=0x354) returned 1 [0087.347] CloseHandle (hObject=0x35c) returned 1 [0087.348] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Ntfs%4WHC.evtx" (normalized: "c:\\logs\\microsoft-windows-ntfs%4whc.evtx")) returned 1 [0087.349] SetEvent (hEvent=0x28c) returned 1 [0087.349] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x35c [0087.349] GetFileSizeEx (in: hFile=0x35c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0087.349] CloseHandle (hObject=0x35c) returned 1 [0087.350] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx")) returned 0x20 [0087.350] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx")) returned 0x20 [0087.350] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.350] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x35c [0087.350] SetFilePointerEx (in: hFile=0x35c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.350] SetFilePointerEx (in: hFile=0x35c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.350] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x354 [0087.371] ReadFile (in: hFile=0x35c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0087.373] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0087.375] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x132, lpOverlapped=0x0) returned 1 [0087.375] SetFilePointerEx (in: hFile=0x35c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.376] SetFilePointerEx (in: hFile=0x35c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.376] WriteFile (in: hFile=0x35c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0087.376] FlushFileBuffers (hFile=0x35c) returned 1 [0087.378] FlushFileBuffers (hFile=0x354) returned 1 [0087.379] CloseHandle (hObject=0x35c) returned 1 [0087.380] CloseHandle (hObject=0x354) returned 1 [0087.380] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-ReadyBoost%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-readyboost%4operational.evtx")) returned 1 [0087.381] SetEvent (hEvent=0x28c) returned 1 [0087.381] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354 [0087.382] GetFileSizeEx (in: hFile=0x354, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=69632) returned 1 [0087.382] CloseHandle (hObject=0x354) returned 1 [0087.382] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx")) returned 0x20 [0087.382] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx")) returned 0x20 [0087.382] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.382] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354 [0087.382] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.382] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.382] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x35c [0087.382] ReadFile (in: hFile=0x354, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x11000, lpOverlapped=0x0) returned 1 [0087.392] WriteFile (in: hFile=0x35c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x11010, lpOverlapped=0x0) returned 1 [0087.394] WriteFile (in: hFile=0x35c, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x162, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afe74*=0x162, lpOverlapped=0x0) returned 1 [0087.394] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.394] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afbe8 | out: lpNewFilePointer=0x0) returned 1 [0087.394] WriteFile (in: hFile=0x354, lpBuffer=0x4d88020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x10afbf4, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesWritten=0x10afbf4*=0x11000, lpOverlapped=0x0) returned 1 [0087.394] FlushFileBuffers (hFile=0x354) returned 1 [0087.397] FlushFileBuffers (hFile=0x35c) returned 1 [0087.398] CloseHandle (hObject=0x354) returned 1 [0087.398] CloseHandle (hObject=0x35c) returned 1 [0087.398] DeleteFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx" (normalized: "c:\\logs\\microsoft-windows-resource-exhaustion-detector%4operational.evtx")) returned 1 [0087.400] SetEvent (hEvent=0x28c) returned 1 [0087.400] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx" (normalized: "c:\\logs\\microsoft-windows-settingsync%4debug.evtx"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x35c [0087.401] GetFileSizeEx (in: hFile=0x35c, lpFileSize=0x10afec0 | out: lpFileSize=0x10afec0*=1052672) returned 1 [0087.401] CloseHandle (hObject=0x35c) returned 1 [0087.401] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx" (normalized: "c:\\logs\\microsoft-windows-settingsync%4debug.evtx")) returned 0x20 [0087.401] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx" (normalized: "c:\\logs\\microsoft-windows-settingsync%4debug.evtx")) returned 0x20 [0087.401] GetFileAttributesW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-settingsync%4debug.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame")) returned 0xffffffff [0087.401] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx" (normalized: "c:\\logs\\microsoft-windows-settingsync%4debug.evtx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x35c [0087.401] SetFilePointerEx (in: hFile=0x35c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.401] SetFilePointerEx (in: hFile=0x35c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x10afe88 | out: lpNewFilePointer=0x0) returned 1 [0087.401] CreateFileW (lpFileName="\\\\?\\C:\\Logs\\Microsoft-Windows-SettingSync%4Debug.evtx.id[B4197730-2275].[checkcheck07@qq.com].Adame" (normalized: "c:\\logs\\microsoft-windows-settingsync%4debug.evtx.id[b4197730-2275].[checkcheck07@qq.com].adame"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x354 [0087.402] ReadFile (in: hFile=0x35c, lpBuffer=0x4d88020, nNumberOfBytesToRead=0x110100, lpNumberOfBytesRead=0x10afe9c, lpOverlapped=0x0 | out: lpBuffer=0x4d88020*, lpNumberOfBytesRead=0x10afe9c*=0x101000, lpOverlapped=0x0) returned 1 [0087.437] WriteFile (hFile=0x354, lpBuffer=0x4d88020, nNumberOfBytesToWrite=0x101010, lpNumberOfBytesWritten=0x10afe74, lpOverlapped=0x0) Thread: id = 20 os_tid = 0x260 Thread: id = 21 os_tid = 0xd14 Process: id = "3" image_name = "dllhost.exe" filename = "c:\\windows\\syswow64\\dllhost.exe" page_root = "0x3f1d2000" os_pid = "0x2ac" os_integrity_level = "0x2000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xe5c" cmd_line = "\"C:\\Windows\\SysWOW64\\dllhost.exe\"" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:000103c1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 7 os_tid = 0xa28 Thread: id = 8 os_tid = 0xd44 Process: id = "4" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x63571000" os_pid = "0x6d0" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x0" cmd_line = "C:\\WINDOWS\\system32\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xe], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wisvc" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\WpnService" [0xa], "NT SERVICE\\wuauserv" [0xa], "S-1-5-80-603222039-1779857981-708438124-1730083285-3435298639" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000adf5" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 22 os_tid = 0x6d4 Thread: id = 23 os_tid = 0x6d8 Thread: id = 24 os_tid = 0x6f4 Thread: id = 25 os_tid = 0x6f8 Thread: id = 26 os_tid = 0x6fc Thread: id = 27 os_tid = 0x700 Thread: id = 28 os_tid = 0x704 Thread: id = 29 os_tid = 0x708 Process: id = "5" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x729cf000" os_pid = "0xab0" os_integrity_level = "0x2000" os_privileges = "0x40800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x0" cmd_line = "C:\\WINDOWS\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "64" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00012722" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 30 os_tid = 0xab4 Thread: id = 31 os_tid = 0xab8 Thread: id = 32 os_tid = 0xae8 Thread: id = 33 os_tid = 0xaec Thread: id = 34 os_tid = 0xaf0 Thread: id = 35 os_tid = 0xaf4 Thread: id = 36 os_tid = 0xafc Thread: id = 37 os_tid = 0xb00 Thread: id = 154 os_tid = 0x8e0 Thread: id = 166 os_tid = 0x76c Thread: id = 167 os_tid = 0x708 Thread: id = 168 os_tid = 0x6bc Thread: id = 191 os_tid = 0xc68 Thread: id = 199 os_tid = 0xca0 Thread: id = 200 os_tid = 0xcac Thread: id = 202 os_tid = 0xd00 Thread: id = 203 os_tid = 0xd04 Thread: id = 214 os_tid = 0xd68 Thread: id = 215 os_tid = 0xd8c Process: id = "6" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x41a0e000" os_pid = "0xa3c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0xab0" cmd_line = "C:\\WINDOWS\\Explorer.EXE" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "64" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00012722" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 38 os_tid = 0xb0c Thread: id = 39 os_tid = 0xae4 Thread: id = 40 os_tid = 0xad0 Thread: id = 41 os_tid = 0xac8 Thread: id = 42 os_tid = 0xabc Thread: id = 43 os_tid = 0xaac Thread: id = 44 os_tid = 0xaa0 Thread: id = 45 os_tid = 0xa9c Thread: id = 46 os_tid = 0xa98 Thread: id = 47 os_tid = 0xa94 Thread: id = 48 os_tid = 0xa90 Thread: id = 49 os_tid = 0xa8c Thread: id = 50 os_tid = 0xa88 Thread: id = 51 os_tid = 0xa84 Thread: id = 52 os_tid = 0xa80 Thread: id = 53 os_tid = 0xa7c Thread: id = 54 os_tid = 0xa78 Thread: id = 55 os_tid = 0xa74 Thread: id = 56 os_tid = 0xa6c Thread: id = 57 os_tid = 0xa68 Thread: id = 58 os_tid = 0xa64 Thread: id = 59 os_tid = 0xa60 Thread: id = 60 os_tid = 0xa5c Thread: id = 61 os_tid = 0xa58 Thread: id = 62 os_tid = 0xa44 Thread: id = 63 os_tid = 0xa40 Thread: id = 64 os_tid = 0xb74 Thread: id = 65 os_tid = 0xb7c Thread: id = 66 os_tid = 0xb98 Thread: id = 67 os_tid = 0xba4 Thread: id = 68 os_tid = 0xba8 Thread: id = 69 os_tid = 0xbac Thread: id = 70 os_tid = 0xbb0 Thread: id = 71 os_tid = 0xbb4 Thread: id = 72 os_tid = 0xbb8 Thread: id = 73 os_tid = 0xbbc Thread: id = 74 os_tid = 0xbc0 Thread: id = 75 os_tid = 0xbc4 Thread: id = 76 os_tid = 0xbd8 Thread: id = 77 os_tid = 0xbdc Thread: id = 78 os_tid = 0xbe0 Thread: id = 79 os_tid = 0xbe4 Thread: id = 80 os_tid = 0xbe8 Thread: id = 81 os_tid = 0xbec Thread: id = 99 os_tid = 0xbf0 Thread: id = 100 os_tid = 0xbf4 Thread: id = 101 os_tid = 0xbf8 Thread: id = 102 os_tid = 0xbfc Thread: id = 103 os_tid = 0x4fc Thread: id = 104 os_tid = 0x7c4 Thread: id = 145 os_tid = 0x6fc Thread: id = 146 os_tid = 0x708 Thread: id = 147 os_tid = 0x6d4 Thread: id = 148 os_tid = 0x6f4 Thread: id = 149 os_tid = 0x5d4 Thread: id = 150 os_tid = 0x938 Thread: id = 151 os_tid = 0x4bc Thread: id = 152 os_tid = 0xa9c Thread: id = 153 os_tid = 0x4d8 Thread: id = 169 os_tid = 0xba4 Thread: id = 170 os_tid = 0xbbc Thread: id = 171 os_tid = 0xbc4 Thread: id = 172 os_tid = 0x504 Thread: id = 173 os_tid = 0x76c Thread: id = 174 os_tid = 0xa74 Thread: id = 175 os_tid = 0x530 Thread: id = 176 os_tid = 0xbc0 Thread: id = 177 os_tid = 0x6bc Thread: id = 178 os_tid = 0x268 Thread: id = 179 os_tid = 0xc08 Thread: id = 180 os_tid = 0xc1c Thread: id = 181 os_tid = 0xc38 Thread: id = 182 os_tid = 0xc3c Thread: id = 183 os_tid = 0xc40 Thread: id = 184 os_tid = 0xc44 Thread: id = 185 os_tid = 0xc48 Thread: id = 186 os_tid = 0xc50 Thread: id = 187 os_tid = 0xc58 Thread: id = 188 os_tid = 0xc5c Thread: id = 192 os_tid = 0xc6c Thread: id = 193 os_tid = 0xc70 Thread: id = 194 os_tid = 0xc7c Thread: id = 195 os_tid = 0xc80 Thread: id = 196 os_tid = 0xc84 Thread: id = 201 os_tid = 0xcdc Thread: id = 218 os_tid = 0xd9c Thread: id = 223 os_tid = 0xdb8 Thread: id = 224 os_tid = 0xdd8 Thread: id = 225 os_tid = 0xe2c Thread: id = 226 os_tid = 0xe30 Thread: id = 227 os_tid = 0xe34 Thread: id = 228 os_tid = 0xe38 Process: id = "7" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4c38d000" os_pid = "0x74c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0xa3c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k UnistackSvcGroup" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "64" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00012722" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 82 os_tid = 0xbd4 Thread: id = 83 os_tid = 0xb20 Thread: id = 84 os_tid = 0xa24 Thread: id = 85 os_tid = 0xa20 Thread: id = 86 os_tid = 0xa08 Thread: id = 87 os_tid = 0xa04 Thread: id = 88 os_tid = 0xa00 Thread: id = 89 os_tid = 0x9fc Thread: id = 90 os_tid = 0x808 Thread: id = 91 os_tid = 0x604 Thread: id = 92 os_tid = 0x76c Thread: id = 93 os_tid = 0x760 Thread: id = 94 os_tid = 0x7d8 Thread: id = 95 os_tid = 0x7d4 Thread: id = 96 os_tid = 0x7c0 Thread: id = 97 os_tid = 0x754 Thread: id = 98 os_tid = 0x750 Thread: id = 198 os_tid = 0xc9c Thread: id = 246 os_tid = 0xe90 Thread: id = 247 os_tid = 0xe94 Thread: id = 248 os_tid = 0xecc Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x511b1000" os_pid = "0x188" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0xa3c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\bthserv" [0xa], "NT SERVICE\\CDPSvc" [0xa], "NT SERVICE\\EventSystem" [0xa], "NT SERVICE\\FontCache" [0xa], "NT SERVICE\\LicenseManager" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xe], "NT SERVICE\\PhoneSvc" [0xa], "NT SERVICE\\RemoteRegistry" [0xa], "S-1-5-80-2226967063-754826275-1661302337-2802353169-2369347280" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\tzautoupdate" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "S-1-5-80-3916113136-2435487254-2535488001-4050622930-2364918814" [0xa], "NT SERVICE\\workfolderssvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b34c" [0xc000000f], "LOCAL" [0x7] Thread: id = 105 os_tid = 0xbd0 Thread: id = 106 os_tid = 0xba0 Thread: id = 107 os_tid = 0xb9c Thread: id = 108 os_tid = 0xb94 Thread: id = 109 os_tid = 0xb90 Thread: id = 110 os_tid = 0xb8c Thread: id = 111 os_tid = 0xb88 Thread: id = 112 os_tid = 0xb84 Thread: id = 113 os_tid = 0xb80 Thread: id = 114 os_tid = 0xb5c Thread: id = 115 os_tid = 0xb44 Thread: id = 116 os_tid = 0xb3c Thread: id = 117 os_tid = 0xb38 Thread: id = 118 os_tid = 0xb30 Thread: id = 119 os_tid = 0x9f8 Thread: id = 120 os_tid = 0x990 Thread: id = 121 os_tid = 0x98c Thread: id = 122 os_tid = 0x988 Thread: id = 123 os_tid = 0x980 Thread: id = 124 os_tid = 0x978 Thread: id = 125 os_tid = 0x974 Thread: id = 126 os_tid = 0x804 Thread: id = 127 os_tid = 0x674 Thread: id = 128 os_tid = 0x724 Thread: id = 129 os_tid = 0x564 Thread: id = 130 os_tid = 0x4d0 Thread: id = 131 os_tid = 0x4cc Thread: id = 132 os_tid = 0x4b0 Thread: id = 133 os_tid = 0x498 Thread: id = 134 os_tid = 0x490 Thread: id = 135 os_tid = 0x48c Thread: id = 136 os_tid = 0x488 Thread: id = 137 os_tid = 0x484 Thread: id = 138 os_tid = 0x480 Thread: id = 139 os_tid = 0x460 Thread: id = 140 os_tid = 0x45c Thread: id = 141 os_tid = 0x418 Thread: id = 142 os_tid = 0x414 Thread: id = 143 os_tid = 0x2fc Thread: id = 144 os_tid = 0x2f8 Thread: id = 197 os_tid = 0xc88 Process: id = "9" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4c2e2000" os_pid = "0x5c8" os_integrity_level = "0x4000" os_privileges = "0x260814080" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0xab0" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k appmodel" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EntAppSvc" [0xa], "NT SERVICE\\StateRepository" [0xe], "NT SERVICE\\tiledatamodelsvc" [0xa], "NT SERVICE\\WalletService" [0xa], "NT AUTHORITY\\Logon Session 00000000:0001088e" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 155 os_tid = 0xa18 Thread: id = 156 os_tid = 0xa14 Thread: id = 157 os_tid = 0xa10 Thread: id = 158 os_tid = 0xa0c Thread: id = 159 os_tid = 0x690 Thread: id = 160 os_tid = 0x688 Thread: id = 161 os_tid = 0x654 Thread: id = 162 os_tid = 0x650 Thread: id = 163 os_tid = 0x64c Thread: id = 164 os_tid = 0x5d0 Thread: id = 165 os_tid = 0x5cc Thread: id = 189 os_tid = 0xc60 Thread: id = 190 os_tid = 0xc64 Process: id = "10" image_name = "mobsync.exe" filename = "c:\\windows\\system32\\mobsync.exe" page_root = "0x3b1f2000" os_pid = "0xd3c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0xa3c" cmd_line = "C:\\WINDOWS\\System32\\mobsync.exe -Embedding" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "64" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00012722" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 204 os_tid = 0xd60 Thread: id = 205 os_tid = 0xd5c Thread: id = 206 os_tid = 0xd58 Thread: id = 207 os_tid = 0xd54 Thread: id = 208 os_tid = 0xd50 Thread: id = 209 os_tid = 0xd4c Thread: id = 210 os_tid = 0xd48 Thread: id = 211 os_tid = 0xd44 Thread: id = 212 os_tid = 0xd40 Thread: id = 213 os_tid = 0xd64 Process: id = "11" image_name = "dllhost.exe" filename = "c:\\users\\fd1hvy\\appdata\\local\\dllhost.exe" page_root = "0x3b4be000" os_pid = "0xd90" os_integrity_level = "0x2000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Users\\FD1HVy\\AppData\\Local\\dllhost.exe\" " cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00012722" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 216 os_tid = 0xd94 [0218.221] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0218.221] _o__set_app_type () returned 0x1 [0218.221] _o__set_fmode () returned 0x0 [0218.221] _o___p__commode () returned 0x76b696f8 [0218.221] _o__crt_atexit () returned 0x0 [0218.221] _o__configure_wide_argv () returned 0x0 [0218.222] RtlInitializeSListHead (in: ListHead=0xe63050 | out: ListHead=0xe63050) [0218.222] _o__controlfp_s () returned 0x0 [0218.222] _o__configthreadlocale () returned 0x2 [0218.222] _o__initialize_wide_environment () returned 0x0 [0218.224] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe61db0) returned 0x0 [0218.225] _o__set_new_mode () returned 0x0 [0218.225] _o_memset () returned 0xcefc48 [0218.225] GetStartupInfoW (in: lpStartupInfo=0xcefc48 | out: lpStartupInfo=0xcefc48*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\FD1HVy\\AppData\\Local\\dllhost.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0218.225] _o__get_wide_winmain_command_line () returned 0x32c1b48 [0218.225] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0218.225] NtSetInformationProcess (ProcessHandle=0xffffffff, ProcessInformationClass=0x22, ProcessInformation=0xcefa04, ProcessInformationLength=0x4) returned 0x0 [0218.255] IIDFromString (in: lpsz="", lpiid=0xcefa08 | out: lpiid=0xcefa08) returned 0x80070057 [0218.255] GetModuleHandleW (lpModuleName=0x0) returned 0xe60000 [0218.255] _o_exit () Thread: id = 217 os_tid = 0xd98 Process: id = "12" image_name = "dllhost.exe" filename = "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\dllhost.exe" page_root = "0x338df000" os_pid = "0xda0" os_integrity_level = "0x2000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0xa3c" cmd_line = "\"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\dllhost.exe\" " cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00012722" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 219 os_tid = 0xda4 [0218.674] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0218.674] _o__set_app_type () returned 0x1 [0218.674] _o__set_fmode () returned 0x0 [0218.674] _o___p__commode () returned 0x76b696f8 [0218.675] _o__crt_atexit () returned 0x0 [0218.675] _o__configure_wide_argv () returned 0x0 [0218.675] RtlInitializeSListHead (in: ListHead=0x12e3050 | out: ListHead=0x12e3050) [0218.675] _o__controlfp_s () returned 0x0 [0218.675] _o__configthreadlocale () returned 0x2 [0218.675] _o__initialize_wide_environment () returned 0x0 [0218.677] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x12e1db0) returned 0x0 [0218.677] _o__set_new_mode () returned 0x0 [0218.677] _o_memset () returned 0xe3fdd4 [0218.677] GetStartupInfoW (in: lpStartupInfo=0xe3fdd4 | out: lpStartupInfo=0xe3fdd4*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\dllhost.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0218.677] _o__get_wide_winmain_command_line () returned 0x1131bc4 [0218.677] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0218.677] NtSetInformationProcess (ProcessHandle=0xffffffff, ProcessInformationClass=0x22, ProcessInformation=0xe3fb90, ProcessInformationLength=0x4) returned 0x0 [0218.677] IIDFromString (in: lpsz="", lpiid=0xe3fb94 | out: lpiid=0xe3fb94) returned 0x80070057 [0218.677] GetModuleHandleW (lpModuleName=0x0) returned 0x12e0000 [0218.677] _o_exit () Thread: id = 220 os_tid = 0xda8 Process: id = "13" image_name = "dllhost.exe" filename = "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\dllhost.exe" page_root = "0x365ef000" os_pid = "0xdac" os_integrity_level = "0x2000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\dllhost.exe\" " cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00012722" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 221 os_tid = 0xdb0 [0218.863] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0218.863] _o__set_app_type () returned 0x1 [0218.863] _o__set_fmode () returned 0x0 [0218.863] _o___p__commode () returned 0x76b696f8 [0218.863] _o__crt_atexit () returned 0x0 [0218.863] _o__configure_wide_argv () returned 0x0 [0218.863] RtlInitializeSListHead (in: ListHead=0x2c3050 | out: ListHead=0x2c3050) [0218.863] _o__controlfp_s () returned 0x0 [0218.863] _o__configthreadlocale () returned 0x2 [0218.863] _o__initialize_wide_environment () returned 0x0 [0218.865] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2c1db0) returned 0x0 [0218.866] _o__set_new_mode () returned 0x0 [0218.866] _o_memset () returned 0x263fc34 [0218.866] GetStartupInfoW (in: lpStartupInfo=0x263fc34 | out: lpStartupInfo=0x263fc34*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\dllhost.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0218.866] _o__get_wide_winmain_command_line () returned 0x26d1c08 [0218.866] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0218.866] NtSetInformationProcess (ProcessHandle=0xffffffff, ProcessInformationClass=0x22, ProcessInformation=0x263f9f0, ProcessInformationLength=0x4) returned 0x0 [0218.866] IIDFromString (in: lpsz="", lpiid=0x263f9f4 | out: lpiid=0x263f9f4) returned 0x80070057 [0218.866] GetModuleHandleW (lpModuleName=0x0) returned 0x2c0000 [0218.866] _o_exit () Thread: id = 222 os_tid = 0xdb4 Process: id = "14" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x653b5000" os_pid = "0xe3c" os_integrity_level = "0x2000" os_privileges = "0x40800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x0" cmd_line = "C:\\WINDOWS\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "64" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00012722" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 229 os_tid = 0xe40 Thread: id = 230 os_tid = 0xe44 Thread: id = 231 os_tid = 0xe48 Thread: id = 232 os_tid = 0xe50 Thread: id = 233 os_tid = 0xe54 Thread: id = 234 os_tid = 0xe58 Thread: id = 235 os_tid = 0xe5c Thread: id = 236 os_tid = 0xe60 Thread: id = 237 os_tid = 0xe64 Thread: id = 238 os_tid = 0xe68 Thread: id = 239 os_tid = 0xe6c Thread: id = 240 os_tid = 0xe70 Thread: id = 241 os_tid = 0xe74 Thread: id = 242 os_tid = 0xe78 Thread: id = 243 os_tid = 0xe7c Thread: id = 244 os_tid = 0xe80 Thread: id = 245 os_tid = 0xe84